pawb.fun is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is aimed at any and all within the furry fandom, though anyone is welcome! We're friendly towards members of the LGBTQ+ community and aim to offer a safe space for our users.

#identification

Y⃒̸̷̝̜̙ͥͥͥngmar<p>I've got another <a href="https://social.tchncs.de/tags/WhatsThis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsThis</span></a> for you.</p><p>This thing sat outside the garage. It's cast, open on the bottom, has a rectangular groove for sliding something into and three holes in the groove. It's somewhat heavy. There's also a flange at the bottom.</p><p>Obviously it has been used as anvil/cutting surface, but what is its original purpose? If it's a T-40 tractor part, I don't know where it goes on that.</p><p><a href="https://social.tchncs.de/tags/Mystery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mystery</span></a> <a href="https://social.tchncs.de/tags/WhatIsThis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatIsThis</span></a> <a href="https://social.tchncs.de/tags/Wotsit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wotsit</span></a> <a href="https://social.tchncs.de/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://social.tchncs.de/tags/WhatIsThisThing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatIsThisThing</span></a> <a href="https://social.tchncs.de/tags/WhatsThisThing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsThisThing</span></a></p>
Ryan Hodnett<p>Does anyone know what this is? It was in shallow water in a pond in Norway.</p><p><a href="https://mastodon.world/tags/Unidentified" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Unidentified</span></a> <a href="https://mastodon.world/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://mastodon.world/tags/ArtWithOpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtWithOpenSource</span></a> <a href="https://mastodon.world/tags/Darktable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Darktable</span></a> <a href="https://mastodon.world/tags/CCBYSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CCBYSA</span></a> <a href="https://mastodon.world/tags/Nature" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nature</span></a> <a href="https://mastodon.world/tags/NaturePhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NaturePhotography</span></a> <a href="https://mastodon.world/tags/Photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Photography</span></a></p>
Abbie 🇵🇷🏳️‍⚧️🏳️‍🌈<p>I can’t get info on this what I think is an SoC</p><p>It’s a JointBees P20</p><p>Found some other JointBees but nothing on this. Anyone recognize it?</p><p><a href="https://hackers.town/tags/chip" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chip</span></a> <a href="https://hackers.town/tags/soc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>soc</span></a> <a href="https://hackers.town/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a></p>
Jenny Mathiasson<p>Today I got to deliver something that's been living in my head for a while: a course on the <a href="https://glammr.us/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> and <a href="https://glammr.us/tags/care" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>care</span></a> of <a href="https://glammr.us/tags/metals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>metals</span></a> in <a href="https://glammr.us/tags/collections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>collections</span></a>! 🪙</p><p>If you came along (it was open to Welsh professionals): thank you, I hope you learned something useful to your day-to-day!</p><p>If you'd like to do something similar: get in touch, I'd love to do this again. ⚙️</p><p>Now I can briefly stop thinking obsessively about metal and corrosion products...</p><p><a href="https://glammr.us/tags/training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>training</span></a> <a href="https://glammr.us/tags/CollectionsCare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CollectionsCare</span></a> <a href="https://glammr.us/tags/conservation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>conservation</span></a> <a href="https://glammr.us/tags/events" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>events</span></a> <a href="https://glammr.us/tags/conservator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>conservator</span></a></p>
Schneier on Security RSS<p>Google Is Allowing Device Fingerprinting</p><p>Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a majo... <a href="https://www.schneier.com/blog/archives/2025/01/google-is-allowing-device-fingerprinting.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/01/google-is-allowing-device-fingerprinting.html</span></a></p><p> <a href="https://burn.capital/tags/datacollection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>datacollection</span></a> <a href="https://burn.capital/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/fingerprints" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fingerprints</span></a> <a href="https://burn.capital/tags/tracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tracking</span></a> <a href="https://burn.capital/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://burn.capital/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a></p>
Y⃒̸̷̝̜̙ͥͥͥngmar<p>What is this thing? I feel like I've seen it before but cannot remember.</p><p>Metal, about 45cm diameter with a grip hole.</p><p>🤷 </p><p><a href="https://social.tchncs.de/tags/WhatsThis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsThis</span></a> <a href="https://social.tchncs.de/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://social.tchncs.de/tags/Thing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Thing</span></a> <a href="https://social.tchncs.de/tags/Help" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Help</span></a></p>
Adam S. Smith<p>Does anyone recognise the large Iguanodon sculpture in the centre of the photo here: <a href="https://dinotoyblog.com/forum/index.php?topic=84.msg384529#msg384529" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dinotoyblog.com/forum/index.ph</span><span class="invisible">p?topic=84.msg384529#msg384529</span></a></p><p>Either the artist, or the company?</p><p><a href="https://sauropods.win/tags/paleoart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>paleoart</span></a> <a href="https://sauropods.win/tags/dinosaur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dinosaur</span></a> <a href="https://sauropods.win/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a></p>
Tim Mak<p>With the coming <a href="https://journa.host/tags/return" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>return</span></a> of all three, the families can at least end one chapter of their tragedy — the part involving not knowing what became of a loved one. <a href="https://journa.host/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> and <a href="https://journa.host/tags/repatriation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>repatriation</span></a> are critical milestones in the surviving families’ grief.</p>
Lies Van Rompaey<p>Does anyone know what species of bee this is and what could have happened to its wings?</p><p>Seen early in September in the south of Spain in an abandoned flower pot.</p><p>When looking at the images now it appears dead, but I do seem to remember seeing it land.</p><p><a href="https://flipping.rocks/tags/insect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>insect</span></a> <a href="https://flipping.rocks/tags/bee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bee</span></a> <a href="https://flipping.rocks/tags/question" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>question</span></a> <a href="https://flipping.rocks/tags/nature" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nature</span></a> <a href="https://flipping.rocks/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> <a href="https://flipping.rocks/tags/InsectSaturday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InsectSaturday</span></a> <a href="https://flipping.rocks/tags/InsektenSamstag" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InsektenSamstag</span></a></p>
loganer<p><a href="https://mastodon.social/tags/Bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bug</span></a> <a href="https://mastodon.social/tags/Canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Canada</span></a> <a href="https://mastodon.social/tags/Aylmer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aylmer</span></a> <a href="https://mastodon.social/tags/Ontario" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ontario</span></a> <a href="https://mastodon.social/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> </p><p>I have never seen anything like this before.<br>some kind of spider/stick bug hybrid?</p>
loganer<p><a href="https://mastodon.social/tags/plant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>plant</span></a> <a href="https://mastodon.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> it was covered in ants and with some parasites...<br>looks like some kind of vine ?maybe?...</p><p>this is a piece I took off it so I wouldn't have to stick around the ants for too long.</p>
loganer<p><a href="https://mastodon.social/tags/Fungi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fungi</span></a> <a href="https://mastodon.social/tags/Fungus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fungus</span></a> <a href="https://mastodon.social/tags/Mushroom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mushroom</span></a> growing on a tree stump.<br><a href="https://mastodon.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> if possible would be nice.<br>Location: <a href="https://mastodon.social/tags/Canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Canada</span></a> <a href="https://mastodon.social/tags/Aylmer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aylmer</span></a> <a href="https://mastodon.social/tags/Toronto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Toronto</span></a> <a href="https://mastodon.social/tags/Ontario" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ontario</span></a></p>
loganer<p><a href="https://mastodon.social/tags/sword" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sword</span></a> <a href="https://mastodon.social/tags/katana" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>katana</span></a> <a href="https://mastodon.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> , I don't know what this sword would be called.</p>
Alex Jimenez<p>Clearview AI hit with its largest GDPR fine yet as Dutch regulator considers holding execs personally liable</p><p>In the meantime, Clearview AI notes that they don’t do business in the EU and are therefore not subject to GDPR</p><p><a href="https://techcrunch.com/2024/09/03/clearview-ai-hit-with-its-largest-gdpr-fine-yet-as-dutch-regulator-considers-holding-execs-personally-liable/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcrunch.com/2024/09/03/clea</span><span class="invisible">rview-ai-hit-with-its-largest-gdpr-fine-yet-as-dutch-regulator-considers-holding-execs-personally-liable/</span></a></p><p><a href="https://mas.to/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://mas.to/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://mas.to/tags/Regulation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Regulation</span></a> <a href="https://mas.to/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
Susan Larson ♀️🏳️‍🌈🏳️‍⚧️🌈<p><a href="https://mastodon.online/tags/Missouri" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Missouri</span></a> now <a href="https://mastodon.online/tags/requires" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>requires</span></a> <a href="https://mastodon.online/tags/proof" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proof</span></a> of <a href="https://mastodon.online/tags/surgery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>surgery</span></a> or <a href="https://mastodon.online/tags/courtorder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>courtorder</span></a> for updates to <a href="https://mastodon.online/tags/gender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gender</span></a> on <a href="https://mastodon.online/tags/State" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>State</span></a> <a href="https://mastodon.online/tags/IDs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDs</span></a>. 
</p><p>Previously, the state required <a href="https://mastodon.online/tags/doctor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>doctor</span></a> <a href="https://mastodon.online/tags/approval" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>approval</span></a>, but not <a href="https://mastodon.online/tags/surgery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>surgery</span></a>, to change the <a href="https://mastodon.online/tags/gender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gender</span></a> listed on state-issued <a href="https://mastodon.online/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a>. </p><p><a href="https://mastodon.online/tags/Women" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Women</span></a> <a href="https://mastodon.online/tags/Transgender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Transgender</span></a> <a href="https://mastodon.online/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQ</span></a> <a href="https://mastodon.online/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQIA</span></a> <a href="https://mastodon.online/tags/Missouri" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Missouri</span></a> <a href="https://mastodon.online/tags/Conservatives" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Conservatives</span></a> <a href="https://mastodon.online/tags/Extremism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Extremism</span></a> <a href="https://mastodon.online/tags/Fascism" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>Fascism</span></a> <a href="https://mastodon.online/tags/Religion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Religion</span></a> <a href="https://mastodon.online/tags/RepublicanParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RepublicanParty</span></a> <a href="https://mastodon.online/tags/Hate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hate</span></a> <a href="https://mastodon.online/tags/Bigotry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bigotry</span></a> <a href="https://mastodon.online/tags/Violence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Violence</span></a> <a href="https://mastodon.online/tags/Genocide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Genocide</span></a> <a href="https://mastodon.online/tags/Discrimination" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Discrimination</span></a> <a href="https://mastodon.online/tags/Transphobia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Transphobia</span></a> <a href="https://mastodon.online/tags/ThePartyOfHate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThePartyOfHate</span></a> <a href="https://mastodon.online/tags/EmptyThePews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EmptyThePews</span></a> </p><p><a href="https://www.nbcnews.com/nbc-out/out-politics-and-policy/missouri-now-requires-proof-surgery-court-order-gender-changes-ids-rcna167335" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">nbcnews.com/nbc-out/out-politi</span><span 
class="invisible">cs-and-policy/missouri-now-requires-proof-surgery-court-order-gender-changes-ids-rcna167335</span></a></p>
Schneier on Security RSS<p>Problems with Georgia’s Voter Registration Portal</p><p>It’s possible to cancel other people’s voter registration:<br>On Friday, four days after Georgia Democrat... <a href="https://www.schneier.com/blog/archives/2024/08/problems-with-georgias-voter-registration-portal.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">4/08/problems-with-georgias-voter-registration-portal.html</span></a></p><p> <a href="https://burn.capital/tags/nationalsecuritypolicy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nationalsecuritypolicy</span></a> <a href="https://burn.capital/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/Georgia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Georgia</span></a> <a href="https://burn.capital/tags/voting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>voting</span></a> <a href="https://burn.capital/tags/fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fraud</span></a></p>
Erik van Straten<p>In <a href="https://www.security.nl/posting/852814/DV+certs%3A+de+maat+is+vol" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/852814/DV+</span><span class="invisible">certs%3A+de+maat+is+vol</span></a> I wrote (in Dutch) why the internet has become one big criminal gang, referring to an earlier series (of 3) English-language toots of mine (<a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a>).</p><p>In the second half of <a href="https://security.nl/posting/852741" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/852741</span><span class="invisible"></span></a> I describe a solution for part of the problem: that websites, for the sake of Big Tech's pursuit of profit, have been reduced to *uniform sameness*.</p><p>As a visitor, you can no longer tell from *anything* whether a website is authentic, or whether the real website is being impersonated - by cybercriminals.</p><p>This is caused by browser makers and certificate issuers who have made every possible effort to withhold from you the information *WHO* is RESPONSIBLE for a website (for its domain name, to be precise, which you see in your browser's address bar).</p><p>Big Tech's *suggestion* that it is good enough for *you* to know what a website's domain name is, is absurd.</p><p>In practice that is total nonsense, because people are extremely bad at recognising *complete* domain names exactly (necessarily 100% error-free) - and can easily be fooled (even if they understand what to look out for and how domain names are structured).</p><p>For websites that are new to people (such as that of a googled plumber or a sandal webshop), a domain name usually either says nothing *reliable* about who the owner is, or is pure deception - while every page of the website itself can be completely fake.</p><p>Rise up against the money-grubbers on the internet!</p><p><a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certs</span></a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Misissuance</span></a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mis_issuance</span></a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revocation</span></a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revoked</span></a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weaknessess</span></a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakCertificates</span></a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakAuthentication</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSHijacks</span></a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SquareSpace</span></a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedChanges</span></a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedModifications</span></a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeFi</span></a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dydx_exchange</span></a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoCoins</span></a></p>
Erik van Straten<p>🌘DV-CERT MIS-ISSUANCE INCIDENTS🌒<br>🧵#3/3</p><p>Note: this list (in reverse chronological order) is probably incomplete; please respond if you know of additional incidents!</p><p>2024-07-31 "Sitting Ducks" attacks/DNS hijacks: mis-issued certificates for possibly more than 35.000 domains by Let’s Encrypt and DigiCert: <a href="https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/who-knew-domain-hijacking-is-so-easy/</span></a> (src: <a href="https://www.bleepingcomputer.com/news/security/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/</span></a>)</p><p>2024-07-23 Let's Encrypt mis-issued 34 certificates, revokes 27 for dydx.exchange: see 🧵#2/3 in this series of toots</p><p>2023-11-03 jabber.ru MitMed/AitMed in German hosting center <a href="https://notes.valdikss.org.ru/jabber.ru" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">notes.valdikss.org.ru/jabber.r</span><span class="invisible">u</span></a></p><p>2023-11-01 KlaySwap and Celer Bridge BGP-hijacks described <a href="https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">certik.com/resources/blog/1NHv</span><span
class="invisible">PnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the</span></a></p><p>2023-09-01 Biggest BGP Incidents/BGP-hijacks/BGP hijacks <a href="https://blog.lacnic.net/en/routing/a-brief-history-of-the-internets-biggest-bgp-incidents" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.lacnic.net/en/routing/a-b</span><span class="invisible">rief-history-of-the-internets-biggest-bgp-incidents</span></a></p><p>2022-09-22 BGP-hijack mis-issued GoGetSSL DV certificate <a href="https://arstechnica.com/information-technology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/information-te</span><span class="invisible">chnology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/</span></a></p><p>2022-09-09 Celer Bridge incident analysis <a href="https://www.coinbase.com/en-nl/blog/celer-bridge-incident-analysis" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">coinbase.com/en-nl/blog/celer-</span><span class="invisible">bridge-incident-analysis</span></a></p><p>2022-02-16 Crypto Exchange KLAYswap Loses $1.9M After BGP Hijack <a href="https://www.bankinfosecurity.com/crypto-exchange-klayswap-loses-19m-after-bgp-hijack-a-18518" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bankinfosecurity.com/crypto-ex</span><span class="invisible">change-klayswap-loses-19m-after-bgp-hijack-a-18518</span></a></p><p>🌘BACKGROUND INFO🌒<br>2024-08-01 "Cloudflare once again comes under pressure for enabling abusive sites<br>(Dan Goodin - Aug 1, 2024) <a 
href="https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/</span></a></p><p>2018-08-15 Usenix-18: "Bamboozling Certificate Authorities with BGP" <a href="https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/usenixse</span><span class="invisible">curity18/presentation/birge-lee</span></a></p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LE</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certs</span></a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Misissuance</span></a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mis_issuance</span></a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Revocation</span></a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revoked</span></a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weaknessess</span></a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakCertificates</span></a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakAuthentication</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSHijacks</span></a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SquareSpace</span></a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedChanges</span></a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedModifications</span></a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeFi</span></a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dydx_exchange</span></a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoCoins</span></a></p>
Erik van Straten<p>🌘DV-CERT MIS-ISSUANCES &amp; OCSP ENDING🌒<br>🧵#1/3</p><p>On Jul 23, 2024, Josh Aas of Let's Encrypt wrote, while his nose was growing rapidly:</p><p>&lt;&lt;&lt; Intent to End OCSP Service<br>[...]<br>We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet.<br>[...]<br>CRLs do not have this issue. &gt;&gt;&gt;<br><a href="https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">letsencrypt.org/2024/07/23/rep</span><span class="invisible">lacing-ocsp-with-crls.html</span></a></p><p>🚨 On THAT SAME DAY, Jul 23, 2024, LE (Let's Encrypt) issued at least 34 certs (certificates) for [*.]dydx.exchange to cybercriminals, of which LE revoked 27 mis-issued certs approximately 6.5 hours later.</p><p>Note that falsified DNS records may instruct DNS caching servers to retain entries for a long time; therefore speedy revocation helps reduce the number of victims.</p><p>Apart from this mis-issuance *blunder*, CRL's have HUGE issues that Josh does not mention: they are SSSLLLOOOWWW and files are potentially huge - while OCSP is instantaneous and uses little bandwidth.</p><p>🌘NO OCSP INCREASES INTERNET RISKS🌒<br>If LE quits OCSP support, the average risk of using the internet will *increase*.</p><p>🌘LIES🌒<br>Furthermore, the privacy argument is mostly moot, as nearly every website makes people's browsers connect to domains owned by Google (and even lets those browsers execute Javascript from third party servers, allowing nearly unlimited espionage). 
In addition, IP-addresses are sent in the plain anyway (📎).</p><p>(📎 When using a VPN, source and destination IP-addresses *within the tunnel* are not visible for anyone with access to the *outside* of the tunnel - but they are sent in the plain between the end of the tunnel and the actual server.)</p><p>Worse, the remote endpoint of your E2EE https connection increasingly often is *not* the actual server (that website was moved to somebody else's server in the cloud anyway), but a CDN proxy server which has the ability to monitor everything you do (unencrypting your data: three letter agencies love it, FISA section 702 grants them unlimited access - without anyone informing you).</p><p>🤷 LE may try to blame others for their mis-issuance blunder, but *THEY* chose to use old, notoriously untrustworthy, internet protocols (BGP and DNS, including database records - that DNSSEC will never protect) as the basis for authentication. By making that choice, LE and other DV cert suppliers were simply ASKING for trouble.</p><p>🔓 In fact, the promise that Let's Encrypt would make the internet safer was misleading from the start: domain names are mostly meaningless to users, 100% fault intolerant, unpredictable and easily forgotten. 
If your browser is communicating with a malicious server, encryption is pointless.</p><p>Josh, stop lying to us; your motives are purely economical.</p><p>🌘CORRUPT: BIG TECH FACILITATES CRIME🌒<br>DV-certs were heavily promoted by Google (not for phun but for profit) after their researchers "proved" that it was possible to show misleading identification information in the browser's address bar after certificate mis-issuance (the "Stripe, Inc" incident, <a href="https://arstechnica.com/information-technology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/information-te</span><span class="invisible">chnology/2017/12/nope-this-isnt-the-https-validated-stripe-website-you-think-it-is/</span></a>).</p><p>This message was repeated by many specialists (e.g. <a href="https://www.troyhunt.com/paypals-beautiful-demonstration-of-extended-validation-fud/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">troyhunt.com/paypals-beautiful</span><span class="invisible">-demonstration-of-extended-validation-fud/</span></a>) with stupid arguments: certificates do NOT directly warrant reliable websites.</p><p>OV and EV certificates, and QWAC's, more or less reliably, warrant *WHO OWNS* a domain name. 
That means that users know *who* they're doing business with, can depend on their reputation and can sue them if they violate laws.</p><p>"Of course" Google recently lost trust in Entrust for mis-issuing certificates (<a href="https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.googleblog.com/2024/0</span><span class="invisible">6/sustaining-digital-certificate-security.html</span></a>).</p><p>Meanwhile the internet has become a corrupt and criminal mess; its users get to see misleading identification info in their browser's address bar WAY MORE OFTEN, e.g. https:⁄⁄us–usps–ny.com (for loads of examples see <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a>; tap ••• a couple of times).</p><p>Supporting DN's like "ing–movil.com" and "m–santander.de" *is* facilitating cybercrime, by repeatedly mis-issuing certs for them (see <a href="https://crt.sh/?q=ing-movil.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?q=ing-movil.com</span><span class="invisible"></span></a> and <a href="https://crt.sh/?q=m-santander.de" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?q=m-santander.de</span><span class="invisible"></span></a>) and by letting them hide behind a CDN (see <a href="https://www.virustotal.com/gui/domain/ing-movil.com/details" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span 
class="ellipsis">virustotal.com/gui/domain/ing-</span><span class="invisible">movil.com/details</span></a> and <a href="https://www.virustotal.com/gui/domain/m-santander.de/details" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/m-sa</span><span class="invisible">ntander.de/details</span></a>).</p><p>In addition, *thousands* of DV-certs have been mis-issued - without *their* issuers getting distrusted by Google, Microsoft, Apple and Mozilla.</p><p>People have their bank accounts drained and companies get slammed with ransomware because of this.</p><p>But no Big Tech company (including the likes of Cloudflare) takes ANY responsibility; they make Big Money by facilitating cybercrime. Not by issuing "free" DV-certs, but by selling domain names, server space and CDN functionality, and by letting browsers no longer distinguish between useful and useless certs. They've deliberately made the internet insecure *FOR PROFIT*.</p><p>🌘CERT MIS-ISSUANCE ROOT CAUSE🌒<br>The mis-issuance of LE certs was caused by the unauthorized modification of customer DNS records managed by SquareSpace; this incident was further described in <a href="https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/</span></a>.</p><p>Note that a similar attack, also affecting SquareSpace customers, occurred on July 11, 2024 (see <a href="https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span 
class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/dns-hijacks-target-crypto-platforms-registered-with-squarespace/</span></a>). Even if it *looks like* that no certs were mis-issued during the July 11 incident, because (AFAIK) none of them have been revoked, this does not warrant that none of them were mis-issued; such certs can still be abused by attackers, albeit on a smaller scale.</p><p>🌘MORE INFO🌒<br>Please find additional information in two followups of this toot:</p><p>🧵#2/3 Extensive details regarding Mis-issued dydx.exchange certs on 2024-07-23;</p><p>🧵#3/3 Links to descriptions of multiple other DV-cert mis-issuance issues.</p><p>🌘DISCLAIMER🌒<br>I am not (and have never been) associated with any certificate supplier. My goal is to obtain a safer internet, in particular for users who are not forensic experts. It is *way* too hard for ordinary internet users to distinguish between 'fake' and 'authentic' on the internet. Something that, IMO, can and must significantly improve ASAP.</p><p>Edited 08:16 UTC to add people:<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BleepingComputer</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>agl</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a 
href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LE</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certs</span></a> <a href="https://infosec.exchange/tags/Misissuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Misissuance</span></a> <a href="https://infosec.exchange/tags/Mis_issuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mis_issuance</span></a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revocation</span></a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revoked</span></a> <a href="https://infosec.exchange/tags/Weaknessess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weaknessess</span></a> <a href="https://infosec.exchange/tags/WeakCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakCertificates</span></a> <a href="https://infosec.exchange/tags/WeakAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakAuthentication</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSHijacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSHijacks</span></a> <a href="https://infosec.exchange/tags/SquareSpace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SquareSpace</span></a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://infosec.exchange/tags/UnauthorizedChanges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedChanges</span></a> <a href="https://infosec.exchange/tags/UnauthorizedModifications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnauthorizedModifications</span></a> <a href="https://infosec.exchange/tags/DeFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeFi</span></a> <a href="https://infosec.exchange/tags/dydx_exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dydx_exchange</span></a> <a href="https://infosec.exchange/tags/CryptoCoins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoCoins</span></a></p>
Erik van Straten<p>Detailed explanation (last part) of what I wrote in <a href="https://infosec.exchange/@ErikvanStraten/112882437562055760" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112882437562055760</span></a></p><p>————————<br>(8) Impersonation of websites (phishing)<br>————————<br>A rapidly increasing problem on the internet is impersonation of real websites as part of phishing attacks.</p><p>Domain names are just (temporary) aliases to identities - like phone numbers. They may *seem* meaningful, but most often they are not.</p><p>Usually the identity-alias relation makes some sense, but only in one direction. Most people know that google.com belongs to Google. However, having seen aka.ms or goo.gl does make at least some people believe that the .ms TLD belongs to Microsoft and .gl to Google: they do not.</p><p>Typically (again) marketeers fail to understand this in general as well as the hierarchical nature of domain names. This lunacy leads to the fact that people are supposed to remember every domain name *precisely* that an organization may use (domain names have zero fault tolerance).</p><p>For example, we learned that microsoft.com belongs to Microsoft, Inc. from Redmond, USA.</p><p>However, why would (login.) microsoftonline.com also belong to that company? What idiot "invents" such a name? Are their other servers OFFLINE or what? Why didn't they use login.microsoft.com?</p><p>And why does live.com belong to them? 
And passport.com, outlook.com?</p><p>Okay, if that's the case, then why would microsofsignin.com, microsoft.login.com, lookout.com, microsoft.fail and microsoft.wtf *NOT* belong to Microsoft?</p><p>This makes no sense whatsoever.</p><p>It exactly describes the problem: perhaps with some exceptions (such as .gov domains), in general, domain names do NOT necessarily have anything to do with the person or organization responsible for a website.</p><p>And precisely such information would help internet users determine whether they are visiting the website of the INTENDED ORGANIZATION.</p><p>Like in offline life, knowledge of who owns a shop does not automatically mean that the owner is reliable and trustworthy.</p><p>However, knowing (with a specific reliability) who owns a website, has some important advantages, like the ones that follow:</p><p>• As said, being able to distinguish between fake and real websites in a more reliable way;</p><p>• Based on knowing who the owner is, users can try to find information regarding the *reputation* of the owner;</p><p>• By knowing where the owner lives, they have an indication of the success of suing the owner if he/she deceives them;</p><p>• The fact that persecution of criminal website owners is more likely if they cannot hide their real identity is very likely to deter at least part of the criminals from committing such crimes;</p><p>• Individuals who repeatedly commit crimes may be included in block lists.</p><p>There's a lot more to be said about this topic; I may write more about this at a later time.</p><p><span class="h-card" translate="no"><a href="https://beta.mstdn.cf/users/billtoulas" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>billtoulas</span></a></span> <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BleepingComputer</span></a></span> </p><p><a 
href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/https" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>https</span></a> <a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/Signing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainValidation</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identification</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a 
href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/LE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LE</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/MisIssuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MisIssuance</span></a> <a href="https://infosec.exchange/tags/Revocation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revocation</span></a> <a href="https://infosec.exchange/tags/Revoked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Revoked</span></a> <a href="https://infosec.exchange/tags/OCSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OCSP</span></a> <a href="https://infosec.exchange/tags/OCSPStapling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OCSPStapling</span></a> <a href="https://infosec.exchange/tags/CRL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CRL</span></a> <a href="https://infosec.exchange/tags/CertificateMisIssuance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CertificateMisIssuance</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSHijack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSHijack</span></a> <a href="https://infosec.exchange/tags/BGP" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BGP</span></a> <a href="https://infosec.exchange/tags/BGPHijack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BGPHijack</span></a> <a href="https://infosec.exchange/tags/Trust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trust</span></a> <a href="https://infosec.exchange/tags/Reliability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Reliability</span></a></p>
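The post's point about the hierarchical, zero-fault-tolerance nature of domain names, as an added example that is not part of the original post: only the registrable domain decides who controls a hostname, and ownership still has to come from a list maintained outside the name itself. The suffix set is a small constructed stand-in for the Public Suffix List, the ownership table holds only the domains the post attributes to Microsoft, and all function names are hypothetical.

```python
# Added illustration: classify hostnames by registrable domain, not by the
# brand string that happens to appear somewhere in the name.

# Constructed, minimal stand-in for the Public Suffix List (assumption).
PUBLIC_SUFFIXES = {"com", "de", "ms", "gl", "fail", "wtf", "co.uk"}

# Domains the post says belong to Microsoft (taken from the post's text).
KNOWN_OWNER = {
    "microsoft.com": "Microsoft",
    "microsoftonline.com": "Microsoft",
    "live.com": "Microsoft",
    "passport.com": "Microsoft",
    "outlook.com": "Microsoft",
}

BRANDS = ("microsoft",)


def registrable_domain(host):
    """Return the public suffix plus one label, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None               # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None                           # suffix not in our constructed set


def edit_distance(a, b):
    """Plain Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(host):
    """True if any label contains a window within one edit of a brand."""
    for label in host.lower().split("."):
        for brand in BRANDS:
            for width in (len(brand) - 1, len(brand), len(brand) + 1):
                for start in range(len(label) - width + 1):
                    window = label[start:start + width]
                    if edit_distance(window, brand) <= 1:
                        return True
    return False


def classify(host):
    """'listed', 'brand-lookalike', 'unlisted' or 'invalid'."""
    reg = registrable_domain(host)
    if reg is None:
        return "invalid"
    if reg in KNOWN_OWNER:
        return "listed"
    if looks_like_brand(host):
        return "brand-lookalike"          # brand text, unlisted registrant
    return "unlisted"                     # the name reveals nothing either way


if __name__ == "__main__":
    for h in ("login.microsoftonline.com", "live.com", "microsofsignin.com",
              "microsoft.login.com", "microsoft.fail", "lookout.com"):
        print(f"{h:28} {registrable_domain(h):22} {classify(h)}")
```

lookout.com comes back as plain "unlisted": string similarity cannot catch every confusable name, so the verdict depends on the ownership list, not on how the name reads.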