https root certificates are a security vulnerability. governments, hackers, and criminals can and do force certificate authorities to forge fake certificates. here's why you should be concerned and what you can do right now to protect yourself

#infosec #cybersecgirl

https://proprivacy.com/guides/root-certificates-explained


Discussion

Very true. But I would say that it's really hard for the majority of individuals to avoid that specific vulnerability 🫂

awareness first 🫂💜

Reminds me of the beginning of internet commercial phase and the birth of e-commerce in 90's basically like centralisation Vs decentralisation, protocols like X.509 vs Web-of-Trust for Public Keys Infrastructure.. there are pros and cons in both approaches and sometimes a clever interoperability for instance, Revocable, self-signed TLS certificates https://github.com/ChristopherA/revocable-self-signed-tls-certificates-hack (by Christopher Allen)

"Those serious about security should use Linux (and preferably a hardened distro at that). It should also be stressed that no mobile OS can be considered in the slightest bit secure."

I wonder if he includes GrapheneOS in that. Also, which Linux distros would be ideal?

#qubesos is by far the best and yeah, i don't think the author considered #grapheneos however, he is right that mobile is a tracking device and should not be used for anything mission critical

https://www.qubes-os.org/