There's been a lot of discussion about OCSP again recently after the Apple incident caused by Big Sur. I've written up some details about what happened and thoughts for what we could/should do about it: scotthelme.co.uk/deja-vu-macos-…
Apple published a support article to address the concerns raised, here are the details and my update based on their comments: scotthelme.co.uk/deja-vu-macos-…
Apple will introduce "A new encrypted protocol for Developer ID certificate revocation checks" but are we talking OCSP over HTTPS or something else?
Apple have promised "Strong protections against server failure" so they're likely going to bolster the OCSP service with a lot more cloud.
Users won't have to block OCSP requests for developer certificates and can instead use "A new preference for users to opt out of these security protections".
• • •
Missing some Tweet in this thread? You can try to
force a refresh
1) Shorter passwords are easier to remember which is what makes them weak and easy to guess. This means it's more likely someone else will have access to it, not less likely.
@BritishGasHelp@srobertson92 2) Allowing someone to have an easy to remember 8-10 character password doesn't mean you need to prevent someone else from having an ultra-secure 64 character password. It's possible for both of these things to coexist, and they should.
@BritishGasHelp@srobertson92 3) Weak passwords do not protect customer data, they do the opposite and put customer data at risk. We should be encouraging stronger passwords and the use of password managers.
The @ubnt fairy came and I couldn’t be more excited! 😝
So here we go with the build! First up was the rack, I wanted one with wheels because of where it’s going (space restricted and can’t go on the wall). Couldn’t see one I like with wheels so I gave mine wheels!
Next was unboxing and damn Ubiquiti know how to package stuff. It’s like opening Apple products but better. I mean just look at how they package *screws*!!
As entertaining as the whole EV thing is in some respects, I do sit back and question my own knowledge and views in the background too. A very common thing that keeps coming up in defence of EV, is phishing. I did some reading and here are a few interesting things.
Every piece of data I've looked at so far, including PhishLabs and the APWG, show that phishing is on the rise and it's a massive problem. I believe and hope that everyone will agree with that, but there are interesting stats around phishing on HTTPS.
Look at this Netcraft data on certificate issuance to phishing sites, that's quite a remarkable trend and indicates a shift of phishing sites moving from HTTP to HTTPS.
source: news.netcraft.com/archives/2017/…