Weekly Update 374

published on 2023-11-17 08:03:34 UTC by Troy Hunt

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices. We were outraged at the premise of a government mandating the implementation of a model that could, at their behest, allow them to intercept traffic without any transparency or accountability. The EFF said the following at the time:

If the country's ruling regime were to successfully implement this plan, it would be able to snoop on, impersonate, and alter the online communications of anyone within their borders—effectively performing a Man in the Middle attack on its entire population.

Now watch the video, listen to Scott and ask yourself how different the technical capacity he discusses is from the Kazakhstan situation. Not from a policy perspective or the intentions of the respective government bodies, but rather in terms of the capabilities and lack of transparency it results in. It's nuts. But hey, it's a good time to be in this industry!


References

  1. Sponsored by: Identity theft isn’t cheap. Secure your family with Aura the #1 rated proactive protection that helps keep you safe online. Get started.
  2. If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate (Scott's original Jan 2022 post on the emergence of QWACs)
  3. What the QWAC?! (Scott's post from this month that expands on eIDAS, root certificates and other - to use the technical term - batshit crazy ideas)
  4. Did we learn nothing from the death of EV certificates?! (I posted that more than 4 years ago now after the EV indicator was removed from browser omnibars, effectively making them invisible to all but the most tech-savvy people)

https://www.troyhunt.com/weekly-update-374/   
Feed: Troy Hunt's Blog