×
Login Register an account
Top Submissions Explore Upgoat Search Random Subverse Random Post Colorize! Site Rules Donate
9

Web browsers drop mysterious company with ties to U.S. military contractor

submitted by knightwarrior41 to technology 2.4 yearsDec 4, 2022 05:08:35 ago (+9/-0)     (www.stripes.com)

https://www.stripes.com/theaters/us/2022-11-30/military-contractor-browsers-cut-ties-8255730.html#:~:text=Major%20web%20browsers%20moved%20Wednesday%20to%20stop%20using,reported%20its%20connections%20to%20a%20U.S.%20military%20contractor.

Major web browsers moved Wednesday to stop using a mysterious software company that certified websites were secure, three weeks after The Washington Post reported its connections to a U.S. military contractor.

Mozilla's Firefox and Microsoft's Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit.


6 comments block

sort by: hot new top old low

[ - ] x0x7 0 points 2.4 yearsDec 13, 2022 11:19:28 ago (+0/-0)*

CAs were a mistake to begin with. It's just a ploy to get the personal information of people who make alt-tech sites. There is nothing wrong with a self-signed signature. I shouldn't need someone to know my personal information to show cryptographically that the person publishing to a site has been the same person continuously.

It's typical problem and solution. You have a problem, man in the middle attacks. You could literally solve that problem on your own but we won't let you have a solution unless that solution solves a problem for us. We want to know who is responsible for publishing information online that we don't like. So no one can run a secure business or website unless they hand that over.

User don't need to know who is running the site they are on in most cases. But if I simply want to keep their passwords from leaking we can't have that unless everyone gives us information. CAs manufacture an unnecessary trade-off between security and anonymity. And if you dare try to buck the system and run a site with a self-sign then you get a scary red-screen of death. Danger, danger, viruses. That you wouldn't get if you ran http with no encryption at all. Improve security but not on their terms and you've just killed your website. Absolute fucking mafia.

[ - ] Wahaha 0 points 2.4 yearsDec 4, 2022 06:50:31 ago (+0/-0)

There were a lot of words but I didn't learn anything. So what is the real story
here? What did that company do and why is it being dropped?

[ - ] oyveyo 0 points 2.4 yearsDec 4, 2022 08:56:58 ago (+0/-0)

The company has ties to malware and also has NSA affiliation. Not exactly the kind of folks you want your computer verifying security certificates with.

[ - ] Wahaha 0 points 2.4 yearsDec 4, 2022 12:24:15 ago (+0/-0)

Then why did they work together with them in the first place?

[ - ] oyveyo 0 points 2.4 yearsDec 4, 2022 15:33:30 ago (+0/-0)

Failure to exorcise due diligence in selecting certification authorities? Money? Jews? How should I know! I only read the same article you did.