Tangy Posted October 5, 2018 Share Posted October 5, 2018 29 minutes ago, heinoganda said: @Tangy Use Regedit to delete the Cert_Updater entry (under HKEY_LOCAL_MACHINE\SOFTWARE delete Cert_Updater) and then execute Cert_updater 1.6 again. The default values are then re-entered in the registry including the change of the download URL's. Mission accomplished ! Dankeschön Link to comment Share on other sites More sharing options...
Thomas S. Posted November 1, 2018 Share Posted November 1, 2018 (edited) Today my CAupdater run his weekly update-check and found three new MS CAstore files. I don't check the changes, it install all fine. Edited November 1, 2018 by Thomas S. Link to comment Share on other sites More sharing options...
heinoganda Posted November 1, 2018 Author Share Posted November 1, 2018 (edited) There was an update for an ECC certificate, as this certificate is not supported under Windows XP and there were no other changes, so an info on this update was superfluous. New: CN = Microsoft ECC TS Root Certificate Authority 2018 O = Microsoft Corporation L = Redmond S = Washington C = US Edited November 1, 2018 by heinoganda 2 Link to comment Share on other sites More sharing options...
Thomas S. Posted November 2, 2018 Share Posted November 2, 2018 12 hours ago, heinoganda said: ...an info on this update was superfluous. O no! Otherwise we don't know what's going on. New MS files without analysis - who except you can tell what's going on... Link to comment Share on other sites More sharing options...
Jeyneko Posted November 2, 2018 Share Posted November 2, 2018 Hmm, I wonder if this means anything :3 Link to comment Share on other sites More sharing options...
heinoganda Posted November 2, 2018 Author Share Posted November 2, 2018 9 hours ago, Thomas S. said: New MS files without analysis - who except you can tell what's going on... Just compare the contents of the updated sst files to the earlier ones. Also, based on the date of the updated sst file, it may not necessarily be assumed that the content has actually changed. Since an ECC certificate under Windows XP is not taken over / processed, was on 10/31/2018 about this update an info superfluous. Link to comment Share on other sites More sharing options...
Thomas S. Posted November 5, 2018 Share Posted November 5, 2018 On 11/2/2018 at 11:09 AM, Jeyneko said: Hmm, I wonder if this means anything :3 What I meant was that I (we?) don't know what's going on. And we don't know if @heinoganda is online or not / on holiday / alive... If he has analysed the sst files (and I think he has) it's easy for him to give a short info as "new files but no change for XP" or so. Of course, it's only his decision... Technical discussion / my opinion: For me it doesn't matter, what are the changes in the files, because it is a simple update without any mystery. You can run each CAupdater (regardless which one) as planned task automatically in a given interval (built in function / with TaskScheduler). In any case, this is the best way to miss any updates. If you run the updater you get new files, install them and and the task is done. There are only small differences in the CAupdaters: the way of download (f.e. any or only newer files), interaction with the users (f.e. confirmation before or after download), writing in registry or not, logging the result... Link to comment Share on other sites More sharing options...
Thomas S. Posted November 28, 2018 Share Posted November 28, 2018 (edited) Info: today I have got four new sst files for roots and disallowed certs. Edited November 28, 2018 by Thomas S. Link to comment Share on other sites More sharing options...
heinoganda Posted November 28, 2018 Author Share Posted November 28, 2018 Disallowed certificates New: E = support@senncom.com CN = 127.0.0.1 OU = R&D O = Sennheiser Communications A/S L = industriparken 27, 2750 Ballerup S = Denmark C = DK E = support@senncom.com CN = SenncomRootCA OU = R&D O = Sennheiser Communications A/S L = industriparken 27, 2750 Ballerup S = Denmark C = DK Update for root certificates: New: CN = Microsoft ECC Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft EV ECC Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft EV RSA Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft RSA Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = PostSignum Root QCA 4 O = Ceská pošta, s.p. 2.5.4.97 = NTRCZ-47114983 C = CZ CN = ZETES TSP ROOT CA 001 SERIALNUMBER = 001 O = ZETES SA (VATBE-0408425626) C = BE Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file. 1 Link to comment Share on other sites More sharing options...
NojusK Posted November 28, 2018 Share Posted November 28, 2018 26 minutes ago, heinoganda said: Disallowed certificates New: E = support@senncom.com CN = 127.0.0.1 OU = R&D O = Sennheiser Communications A/S L = industriparken 27, 2750 Ballerup S = Denmark C = DK E = support@senncom.com CN = SenncomRootCA OU = R&D O = Sennheiser Communications A/S L = industriparken 27, 2750 Ballerup S = Denmark C = DK Update for root certificates: New: CN = Microsoft ECC Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft EV ECC Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft EV RSA Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = Microsoft RSA Root Certificate Authority 2017 O = Microsoft Corporation L = Redmond S = Washington C = US CN = PostSignum Root QCA 4 O = Ceská pošta, s.p. 2.5.4.97 = NTRCZ-47114983 C = CZ CN = ZETES TSP ROOT CA 001 SERIALNUMBER = 001 O = ZETES SA (VATBE-0408425626) C = BE Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file. We are lucky that these latest roots are xp compatible Link to comment Share on other sites More sharing options...
Chociu Posted December 4, 2018 Share Posted December 4, 2018 We're lucky MS didn't pull the plug early on POSReady 2009 after realising the patches could easily be detected on XP SP3 given how controversial they're still being with forcing Windows 10 down our throats... Link to comment Share on other sites More sharing options...
Gamer Posted December 4, 2018 Share Posted December 4, 2018 Is this the same way to get these as this other guy whose attempted a different method to get the same files or are the files different to the ones you get via this method? Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted February 24, 2019 Share Posted February 24, 2019 (edited) @heinoganda Hi, what do you think about it? https://www.ghacks.net/2019/02/24/how-to-remove-darkmatter-certificates/ My situation with New Moon/Firefox 52 ESR: and I.E.8: do we proceed to disabling all QuoVadis? Edited February 24, 2019 by Sampei.Nihira Link to comment Share on other sites More sharing options...
heinoganda Posted February 24, 2019 Author Share Posted February 24, 2019 (edited) 1 hour ago, Sampei.Nihira said: what do you think about it? I do not care much about that since I know that certain global players (I'll deliberately not name names explicitly) would like to have more and more control over the Internet (check out the free and independent media (above all, do not be fooled by the TV and big Newspapers brainwash), wake up and you will understand)! Edited February 24, 2019 by heinoganda Link to comment Share on other sites More sharing options...
Mathwiz Posted February 24, 2019 Share Posted February 24, 2019 (edited) 4 hours ago, Sampei.Nihira said: https://www.ghacks.net/2019/02/24/how-to-remove-darkmatter-certificates/ From the article: Quote Load about:preferences#privacy in the Firefox address bar to open the Privacy & Security settings. On FF 52 and its forks, the Certificates tab is on Advanced preferences, not Privacy or Security preferences. You would then click "View Certificates," select the one(s) to be distrusted, click "Delete or Distrust," and confirm your choices. Of course, if you use @roytam1's builds of New Moon or Basilisk, you'll have to repeat this process each time you update (or else convince him to remove the certificates from his builds preemptively). Quote A company in control of a root CA could potentially decrypt traffic that it has access to. That's not correct. If that were the case, a big CA like DigiCert could decrypt half the Internet! A root CA generally cannot decrypt traffic of the certificates it signs. Each certificate contains only the public key, not the private key needed for decryption. The real concern is that a root CA could sign certificates of sites that haven't kept their private key secret (due to carelessness, theft, or coercion from the UAE), thus causing Mozilla browsers to trust those sites to be secure, when in fact they are not. I suppose a rogue CA could be an agent of such coercion, but I'd think whistle-blowers working for the certificate owners would soon expose such a scheme. From the EFF article: Quote Any of the dozens of certificate authorities trusted by your browser could secretly issue a fraudulent certificate for any website (such as google.com or eff.org.) A certificate authority (or other organization, such as a government spy agency,) could then use the fraudulent certificate to spy on your communications with that site, even if it is encrypted with HTTPS. That's true as far as it goes, but issuing a fraudulent certificate is only part of what's required. It would also be necessary to redirect, say, google.com to a phony website using the fraudulent certificate. That might be doable if, say, your ISP was also compromised, but you're starting to involve a lot of actors to pull off such a scheme. I could see that in China, the UAE, or Saudi Arabia, where all the ISPs are pretty much inherently compromised in order to do business in those countries at all, but it would be a lot harder to pull off in Europe or America. Edited February 24, 2019 by Mathwiz Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now