SwiftOnSecurityFeb 6, 2023

End-to-End encrypted chat apps don't help when you're chatting with the FBI

(Via @klong)

https://www.businessinsider.com/fbi-says-agents-thwarted-plot-take-out-marylands-power-grid-2023-2

FBI agents thwarted a plot to take out Maryland's power grid

Sarah Beth Clendaniel and Brandon Clint Russell have been charged with conspiracy to destroy an energy facility.

Insider
Show threadSwiftOnSecurityFeb 6, 2023
(Archived from @shanselman)
Show threadstux⚡️Feb 6, 2023

@SwiftOnSecurity @shanselman Very true!

Anyone can request a free SSL cert or buy one, or two or a gazillion 

Show threadKevin Karhan Feb 6, 2023

@stux @SwiftOnSecurity @shanselman *nodds in agreement*

And whilst I've prefered if #CAcert and it's #EV-alike #identification & #assurance would've taken ocer instead of #LetsEncrypt, I'd rather see a sloppy "free #SSL for everyone" than paywalling of said feature.

Show threadSteffo 

@kkarhan I still look back at the "free web hosting provider" where I had my website a few years ago. They charged money for a LetsEncrypt certificate.

Now I host my websites with a paid provider, so I learned my lesson 😅.

Feb 20, 2023 at 1:21pmWeb
Show threadKevin Karhan Feb 20, 2023
@SteffoSpieler I'm still mad about big corporations - espechally Microsoft and Apple, but also Mozilla - cockblocking #CAcert back in the day yet being total supporters of #LetsEncrypt when in fact the latter one does nithing against abuse and literally issues certs to everyone with no records but CACert which exceed "Extended Validation" in most cases get denied recodnition despite having excellent InfoSec & ITsec.
Show threadSteffo Feb 20, 2023

@kkarhan sorry if that sounds stupid, but I don't understand completely what you want to say 😓

My English isn't the greatest and when using many abbreviations and terminology I reach my limit quite fast.

Is it bad that I use LetsEncrypt?

Show threadKevin Karhan Feb 20, 2023

@SteffoSpieler no, it's better than no SSL whatsoever.

I just think that it's proving the reservations against #CAcert to be flat-out lies, since #LetsEncrypt doesn't do any verification whatsoever.

Show threadjan Susu (MOVING INSTANCES)Feb 20, 2023
@SteffoSpieler @kkarhan I think what they are saying is LetsEncrypt has issues because they just give certificates out to everyone without caring what is done with them and they still get recognized, while a different organization got blocked by big corps.

So no, its not inherently bad to use LetsEncrypt, they are just mad that they were treated better than another org despite being worse.

(ofc correct me if I misinterpreted you)
Show threadSteffo Feb 20, 2023

@susul @kkarhan oh wait what. I missed that completely.

yeah, that's actually wtf.