Mastodawn

Show thread

Kevin Karhan

May 29, 2025

@dashjackson @froge @arstechnica this isn't new either.

#Microsoft refuses to fix their #CrpytoAPI #Backdoor so anything that uses it (all browsers excpet #Firefox & #TorBrowser as well as all eMail clients except #Thunderbird) are vulnerable, and that vulnerable is trigger-able with a single HTTPS request.

https://github.com/kkarhan/windows-ca-backdoor-fix

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub