Skip to main content
Topic: Security conundrum (Read 3141 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Security conundrum

So, the EFF, an organisation I tend to place a little trust in, tells me I should no longer accept digital certificates issued by QuoVadis. You can read why here: https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else.

Easy enough you say, just go into your browser and delete the certificates issued by them. Sure,

BUT

Protonmail, an organisation whom I also place a little trust in, issue all their digital certificates through QuoVadis, so if you do delete them you won't even get onto their website let alone be able to exchange secure mail with them.

So which to trust the most (or least) ?

What would you do ?

Re: Security conundrum

Reply #1
Quote
Nets have been constructed by human beings since at least the Mesolithic period for use in capturing or retaining things. Their open weaves provide lightness and flexibility that allow them to be carried and manipulated with relative ease, making them valuable for methodical tasks such as hunting, fishing, sleeping, and carrying.
https://en.wikipedia.org/wiki/Net_(device)

 :o

EDIT: Fixed link

Re: Security conundrum

Reply #2
https://en.wikipedia.org/wiki/Anastomosis
Quote
In mycology, anastomosis is the fusion between branches of the same or different hyphae.[8] Hence the bifurcating fungal hyphae can form true reticulating networks. By sharing materials in the form of dissolved ions, hormones, and nucleotides, the fungus maintains bidirectional communication with itself.

https://en.wikipedia.org/wiki/Fungus#Evolution
Quote
fungi date to the Paleoproterozoic era, some 2,400 million years ago (Ma); these multicellular benthic organisms had filamentous structures capable of anastomosis.

Re: Security conundrum

Reply #4
Quote from: conky60 – on


It was not meant in any way unfriendly, but hopefully food for thought.
I know, the little sentence reads cold, yet it is just a summary on the purpose of the human invention of the net, a tool.
If you look closely who and why created the internet, it is not really a pleasant truth.
It is the same as with a knife, another tool, it can be used to cut bread, or to kill.

Re: Security conundrum

Reply #5
Quote from: artoo – on
, it is not really a pleasant truth

why not?    :)
Most of the crap around us have evolved from the same source (the general industry).  It has been for 100 years the single most important source of invention and innovation.  Making weapons and killing people has been the source of inspiration for science and technology.  Cannibalism is the prime characteristic of this specie.  Unlike fungus that promotes and assists cohabitation and biodiversity.

Jihad on systemd promoters :)

Re: Security conundrum

Reply #6
Quote from: fungalnet – on
why not?    :)
Most of the crap around us have evolved from the same source (the general industry).  It has been for 100 years the single most important source of invention and innovation.  Making weapons and killing people has been the source of inspiration for science and technology.  Cannibalism is the prime characteristic of this specie.  Unlike fungus that promotes and assists cohabitation and biodiversity.

Jihad on systemd promoters :)


You probably find the following amazing, but in my view, we become too dependent on technology and further disconnect from nature. Technology is meant to serve us, but we have come to the point that we serve technology.

Re: Security conundrum

Reply #7
Quote from: artoo – on
but we have come to the point that we serve technology.

I couldn't agree more, and the more we disconnect from nature the more damage we do and we perceive it as necessary for our survival.  We have (those with power and wealth drove us here) manufactured the machine for our own destruction and we are convinced we should serve it well.
People also confuse the difference between science (knowledge), with applications using science, to technology, to mass production.  Just because we know that we are capable of evil and destruction we should be able to control the drive to actually do it.  But there are  specific social forces that drive us to this.  It is wrong to think about it as "we" humans are all at fault.  There are those that benefit from this that push all of us do it.

We should use artix to save the earth :)

Re: Security conundrum

Reply #8
Quote from: artoo – on
It was not meant in any way unfriendly, but hopefully food for thought.
I know, the little sentence reads cold, yet it is just a summary on the purpose of the human invention of the net, a tool.
If you look closely who and why created the internet, it is not really a pleasant truth.
It is the same as with a knife, another tool, it can be used to cut bread, or to kill.

Indeed....I did not interpret your reply as unfriendly in any way. I referred to "fungalnet's"  stating that "fungi" date back 2.4 million years. I was making the connection "fungal-net > fungi"....in humor. :)

Best regards

We should try to be kind to everyone.....we are all fighting some sort of battle.

Re: Security conundrum

Reply #9
i think it's about balance like i could go to nature a lot and all the time but at the moment i can't and it's too cold outside to for me it's 50% technology 50% nature
but of course i don't really use a phone i have it turned off all the time. i dont go on youtube and social media like everybody (well i go on twitter only) dont want to have a smartphone my only technology things i use is laptop displays and some devices to listen to music too. few months ago i even decided to avoid filling google recaptchas. so if somebody requiries it i don't do it ;D. then i read on net that bots check us if are bots haha.

i think it's just being attached to certain things like television, smartphones that have certain impact on the way we think. so people instead of going to nature they are hooked to their televisions and what they see on it while others kill forests animals etc. etc. and then working next day so waking up early. For me the most important thing in lyfe and it's natural it's sleep. I go nuts if i can't go to sleep when i want and wake up when i want. waking up with alarm like most of people do is against our nature.
my top 1 idea is that there should be much less cars on the streets. 5 seats cars and they're almost all the time filled with just one person its such a waste of energy. i see one out of 5 cars have 3 or more people inside. there should be like 5 cars 20 people not 20 cars 17 people. also there is massive food overproduction it's just too much food its there produced everyday and thrown to the bin while something suffers from hunger and then they tell you on tv to donate money to charities to save lives of people in africa or somewhere else where they live nature but they want westernize them which is send them to schools and then to jobs so they can work for another billionairie and be enslaved as well as future generations born into slavery

edit: well and to be fair its everybodys choice what they do. maybe people who have contact with nature look younger healthier they feel better and breath fresh air while people who don't feel depressed, anxiety and die by cancer or simply commit suicide
edit2: also what i think is evil is europeans or americans buy products made in asia. this is another reason why there is such a pollution and poverty.
foods made by machines is another fact that leads to enslavery. everybody eats food made by a machine if i think about this. you go to supermarket you have self checkout computers its being served by computer.
ITS CRAZY but nobody thinks about stuff like this apart from me because i do... ;/ dont know why others dont though

Re: Security conundrum

Reply #10
Quote from: whoami – on
So, the EFF, an organisation I tend to place a little trust in, tells me I should no longer accept digital certificates issued by QuoVadis. You can read why here: https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else.

Easy enough you say, just go into your browser and delete the certificates issued by them. Sure,

BUT

Protonmail, an organisation whom I also place a little trust in, issue all their digital certificates through QuoVadis, so if you do delete them you won't even get onto their website let alone be able to exchange secure mail with them.

So which to trust the most (or least) ?

What would you do ?

Well what I did, after I read your link I then checked if the UAE were on good terms with the USA, which they are, and I discovered Project Raven
 https://www.reuters.com/investigates/special-report/usa-spying-raven/
which was interesting to hear about too. I couldn't find any Quo Vadis things on my fs when I searched it, and I am using Pale Moon not Mozilla Firefox, nor could I find any mention of Quo Vadis on the Pale Moon forum. I would suggest Tutanota as a possible alternative, although I'm not sure what they use for their secure encrypted emails.
Possibly I should have spent the time making a net out of some string instead though.

Re: Security conundrum

Reply #11
Quote from: whoami – on
So, the EFF, an organisation I tend to place a little trust in, tells me I should no longer accept digital certificates issued by QuoVadis. You can read why here: https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else.

Easy enough you say, just go into your browser and delete the certificates issued by them. Sure,

BUT

Protonmail, an organisation whom I also place a little trust in, issue all their digital certificates through QuoVadis, so if you do delete them you won't even get onto their website let alone be able to exchange secure mail with them.

So which to trust the most (or least) ?

What would you do ?

From your EFF link,
Quote
DarkMatter was already given an "intermediate" certificate by another company, called QuoVadis, now owned by DigiCert.
I think this shouldn't be a problem since November 2017, since DarkMatter has moved to its own CA. CMIIW.
now only the dinit guy in artix

Re: Security conundrum

Reply #12
Quote from: conky60 – on
Indeed....I did not interpret your reply as unfriendly in any way. I referred to "fungalnet's"  stating that "fungi" date back 2.4 million years. I was making the connection "fungal-net > fungi"....in humor. :)

Best regards




I apparently confused your signature with a comment.  :P

Re: Security conundrum

Reply #13
That is an interesting reply konimex, but I don't understand why the EFF would express concern about this in February 2019 if DarkMatter moved to its own CA in 2017?

Have they just got it wrong?

I am getting a bit paranoid about email recently because my other provider is Australian, and the Aussie government have recently introduced the frankly frightening legislation going under the acronym TOLA. If you haven't heard of that, you can read a bit about what Mozilla think of it here: TOLA

Re: Security conundrum

Reply #14
The originator of a CA certificate seems to be theoretically able to decrypt anything encrypted with it, which is why they should be trusted.
But from the discussion on the Mozilla google group the UAE Dark Matter certificates are labelled as Dark Matter:

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/nnLVNfqgz7g/YiybcXciBQAJ
"One other thing I wanted to get ahead of is that we are revoking three Dark
Matter issuing CAs tomorrow. This revocation was planned well before this
discussion started. These three certificates were issued in 2016 with
improper name constraints.  The 2017 certificates currently used are
replacements for those certificates without any name constraints. The three
certificates are:

CN=DarkMatter Assured CA,O=DarkMatter LLC,C=AE
4812bd923ca8c43906e7306d2796e6a4cf222e7d        2024-04-29 22:53:00
6b6fa65b1bdc2a0f3a7e66b590f93297b8eb56b9
CN=DarkMatter High Assurance CA,O=DarkMatter LLC,C=AE
093c61f38b8bdc7d55df7538020500e125f5c836        2024-04-29 22:38:11
8835437d387bbb1b58ff5a0ff8d003d8fe04aed4
CN=DarkMatter Secure CA,O=DarkMatter LLC,C=AE
093c61f38b8bdc7d55df7538020500e125f5c836        2024-04-29 22:45:18
6a2c691767c2f1999b8c020cbab44756a99a0c41 "

So Quo Vadis certificates are (probably, afaict) not something to worry about as Konimex pointed out.
And the current Mozilla cert list now doesn't seem to have any Dark Matter in it:
https://hg.mozilla.org/releases/mozilla-beta/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
Although they are on the pending list:
https://ccadb-public.secure.force.com/mozilla/PendingCACertificateReport