@SwiftOnSecurity Not sure if you saw this story about #TrustCor getting removed as a root CA, but it's fascinating as a failure in communications, and ultimately trust: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1 TrustCor wasn't accused of anything serious, but they bungled the response so epically that they might as well have been.
This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1 #cacert #rootca #certificates #trustcor
Chrome, Safari, Firefox: The mysterious company inside our browsers - Golem.de

The certificate authority Trustcor is in Chrome, Safari and Firefox - yet it has ties to spyware and surveillance firms.

Golem.de
@filippo Has @alpinelinux distrusted #TrustCor yet?

The python-certifi maintainers seem to have requested and received a CVE for removing #TrustCor roots from their ca-bundle.

Noticed our package does not rely on our system-wide CA bundle and as such does not respect reconfiguration done through `security.pki`, which is probably not what users would expect.

That will be resolved through https://github.com/NixOS/nixpkgs/pull/205127, and we'll also add support for NIX_SSL_CERT_FILE, which will likely work throughout most python packages now.

#nixos CVE-2022-23491

python3Packages.certifi: Update and use system ca-bundle by mweinelt · Pull Request #205127 · NixOS/nixpkgs

We update the system ca-bundle more reliably, and it allows ties in with module based configuration applied through security.pki. Fixes: CVE-2022-23491 Description of changes Things done Built o...

GitHub

We are removing the three #TrustCor root certificates from our ca-bundle in #nixpkgs.

This change will need to go through staging for every release, so probably 10-14 days until it will reach end users.

https://github.com/NixOS/nixpkgs/pull/204795

#nixos

cacert: Distrust TrustCor root certificates by mweinelt · Pull Request #204795 · NixOS/nixpkgs

Mozilla set "Distrust After" for the three TrustCor Root CAs¹, so new certificates issued would not be trusted after 2022/11/30, while older enduser certificates would continue working until they e...

GitHub

#Mozilla and #Microsoft distrust #TrustCor certificates due to suspicions over covert spyware operation

I went ahead and de-registered the TrustCor certificates on all my personal machines. If you're running a Debian system you can do this by running, as root:
`dpkg-reconfigure ca-certificates`

You'll then be given an option to deselect certain certificates as "trusted".

https://www.techspot.com/news/96843-mozilla-microsoft-distrust-trustcor-certificates-due-suspicions-over.html

#privacy #security #cybersecurity @hen @techlore @sr @thenewoil

Mozilla and Microsoft distrust TrustCor certificates due to suspicions over covert spyware operation

Mozilla, Microsoft, and likely other browser makers have started to take action against TrustCor, a Certificate Authority (CA) issuing root certificates for billions of internet-connected devices. According...

TechSpot
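
A way to verify the Debian deselection step described in the post above, as an added example that is not part of the original posts. It assumes the Debian `ca-certificates` config format (`/etc/ca-certificates.conf`, where a leading `!` marks a deselected certificate); the function names and the sample file names are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): report whether TrustCor roots
# are still selected in a Debian-style ca-certificates.conf.
# Assumed format: one certificate path per line, "#" starts a comment,
# a leading "!" marks the certificate as deselected (not trusted).

# Write a CONSTRUCTED sample config to $1. The file names are assumptions
# modelled on the TrustCor root names; they are not copied from a real system.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
mozilla/Example_Root_CA.crt
!mozilla/TrustCor_ECA-1.crt
mozilla/TrustCor_RootCert_CA-1.crt
mozilla/TrustCor_RootCert_CA-2.crt
EOF
}

# Print "trusted <path>" or "deselected <path>" for every TrustCor entry.
trustcor_status() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($0) ~ /trustcor/ {
            if (substr($0, 1, 1) == "!") print "deselected", substr($0, 2)
            else                         print "trusted", $0
        }
    ' "$1"
}

# Print how many TrustCor entries are still trusted (0 is the goal).
trustcor_trusted_count() {
    trustcor_status "$1" | awk '$1 == "trusted" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; pass /etc/ca-certificates.conf on a real host.
sample=$(mktemp)
write_sample_conf "$sample"
trustcor_status "$sample"
echo "still trusted: $(trustcor_trusted_count "$sample")"
rm -f "$sample"
```

On a real system, a non-zero count from `trustcor_trusted_count /etc/ca-certificates.conf` means the reconfiguration has not taken effect for every TrustCor entry.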
Waiting for some chili to finish cooking, sitting down to finish reading this mailing list thread about #TrustCor being removed as a trusted CA 👀 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4

#Trustcor: cut!

#Ubuntu 22.04 #Security Patch for #Mozilla #Firefox
* Add Trustcor root certificates to mozilla/blacklist.txt: (LP: #1998785)
- "TrustCor RootCert CA-1"
- "TrustCor RootCert CA-2"
- "TrustCor ECA-1"

It's obviously good that browsers and other trusted root CA database maintainers are dropping #TrustCor, but it's obviously bad that it got this far. As this article documents, this is just the most recent of many incidents involving suspicious root certificate authorities. We need to get better at this. #infosec
https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Web browsers drop mysterious company with ties to U.S. military contractor

TrustCor Systems was a root certificate authority, a key position in internet infrastructure. But details about the company raised questions about where it is based and who it works with.

The Washington Post