Here's something I am very excited about: Photosynthesis! 🌱☀️

A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.

This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC signature sizes in logs and handshakes.

https://mailarchive.ietf.org/arch/msg/tls/6jqhUVz58s4ZgsZ8HvuZftncT9A/

Do you enjoy guzzling real-time TLS certificate allocations, but don't want to use a third-party service (crt.sh, CertStream, etc.)? Drink straight from the Certificate Transparency log firehose using ctail:

$ go run github.com/hdm/ctail@latest -f -m '^autodiscover\.'

https://github.com/hdm/ctail

„Wer ist eigentlich dieser @leyrer?“
-
„Ja der hält seit Jahren immer wieder (auch mehrere Vorträge) bei der #GPN.“
-
„Ne, sagt mir nichts.“
-
„Und verteilt da immer Manner Waffeln.“
-
„Ach so der. Ja, da war ich schon in ein paar Vorträgen.“

#gpn23

"Politicians wanting to undermine encryption must understand that by doing so, they will weaken encryption for everyone. There is no way to build a “secure backdoor.” […] If a vulnerability exists, the question is when it will be found. If a master key is created, the question is when it will be stolen."

https://tuta.com/blog/opinion-signalgate

#Security #E2EE #Signalgate

INC Ransom listed Academic Urology and Urogynecology of Arizona. That's a sensitive target that I expect people won't want leaked.

Pun not intended but I'm leaving it.

#ransomware

"The sitecore\ServicesAPI user has a password hard-coded to b"

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/