
Root Certificates and Revoked Certificates for Windows XP


heinoganda


I don't want to exaggerate now, but if you are so insecure and already want to delete certificates, then you should strictly avoid the Internet.
Alternatively, only separate, secure end-to-end encryption of all data transfers that you control all by yourself would remain.

You are not fully secure on internet, it was so and it will be so in future.



4 hours ago, Sampei.Nihira said:

do we proceed to disabling all QuoVadis?

That sounds like overkill to me. They only signed one DarkMatter certificate; presumably the vast majority of certificates signed by QuoVadis are fine.

If DarkMatter makes it into Microsoft's, New Moon's, or Basilisk's trusted root store, you could start deleting their certificates. (If DM makes it into Mozilla's trusted root store, presumably it would have no effect on XP users since we aren't getting updates from Mozilla anymore anyway.)


6 hours ago, Sampei.Nihira said:

In the comments it is reported that ProtonMail no longer works without QuoVadis.

That is a normal behavior, if the service (server) you will connect to has a certificate chain where you have deleted the root or intermediate certificate.

So the connection is unsafe and will not be established.

This is the way it works...


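The behaviour described in the reply above (a chain that no longer validates once its root is gone from the trust store), as an added example that is not part of the original thread. It assumes the `openssl` command-line tool and uses two constructed throwaway roots, `RootA` and `RootB`, and a constructed server name `mail.example.test`; it covers only the deleted-root case, not a deleted intermediate.

```shell
#!/usr/bin/env bash
# Added example: every name, key and certificate here is constructed for the demo.

# Create a self-signed root CA (key + certificate) named $2 in directory $1.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2 (constructed)" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a server certificate for mail.example.test, signed by root $2 in directory $1.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# Report whether certificate $2 chains to a root in trust store file $1.
check_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

# Verify the same server certificate before and after its root leaves the store.
demo_removed_root() {
    local dir before after
    dir=$(mktemp -d) || return 1
    make_root "$dir" RootA && make_root "$dir" RootB &&
        make_server_cert "$dir" RootA || { rm -rf "$dir"; return 1; }
    cat "$dir/RootA.pem" "$dir/RootB.pem" > "$dir/store_before.pem"
    cp "$dir/RootB.pem" "$dir/store_after.pem"   # RootA deleted by the user
    before=$(check_chain "$dir/store_before.pem" "$dir/server.pem")
    after=$(check_chain "$dir/store_after.pem" "$dir/server.pem")
    rm -rf "$dir"
    echo "$before $after"
}

demo_removed_root
```

The server certificate itself is unchanged between the two checks; only the contents of the client's trust store differ.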
16 hours ago, Thomas S. said:

Alternatively, only separate, secure end-to-end encryption of all data transfers that you control all by yourself would remain.

So I guess then MEGA would be the only file sharing site and webpage to use since they have end to end encryption on all their file transfers?


7 hours ago, Gamer said:

So I guess then MEGA would be the only file sharing site and webpage to use since they have end to end encryption on all their file transfers? 

Not if YOU do not control the encryption - and be sure YOU have set it up right.

It doesn't matter which service you choose, they are all safe, more or less, or not  :blushing:

For example: if you use veracrypt with high encryption you can store data on NSA file servers - maybe they will read the data in about 2.000 years :)

You have to understand that it is a difference to send data via a safe (encrypted) connection (so a Man In The Middle can't read this transfer) or you encrypt the data before you give it away. In all cases, if you wish that the data is readable on the other side: IT IS UNSAFE (because you give it away and do not know what is done with it).

This is so here in internet, the normal living...

 


And this is full encrypted data as it will be shown at the "other side".

I have the key to encrypt this message, no one else...

If I give the key away so you can encrypt this data it will be unsafe again.


 


On 2/26/2019 at 5:06 AM, Thomas S. said:

Not if YOU do not control the encryption - and be sure YOU have set it up right.

It doesn't matter which service you choose, they are all safe, more or less, or not  :blushing:

For example: if you use veracrypt with high encryption you can store data on NSA file servers - maybe they will read the data in about 2.000 years :)

You have to understand that it is a difference to send data via a safe (encrypted) connection (so a Man In The Middle can't read this transfer) or you encrypt the data before you give it away. In all cases, if you wish that the data is readable on the other side: IT IS UNSAFE (because you give it away and do not know what is done with it).

This is so here in internet, the normal living...

 

...so we should all encrypt everything we throw up on the cloud just to be sure even if they broke through they would need to decrypt the files to read them? And on top of that use a cloud service like mega that has end to end encryption on top of that?


1 hour ago, Gamer said:

...so we should all encrypt everything we throw up on the cloud just to be sure even if they broke through they would need to decrypt the files to read them? #1

And on top of that use a cloud service like mega that has end to end encryption on top of that? #2

#1 Yes (if you are anxious or want to store very personal data there) or you do it as a precaution.

#2 No, if the data is encrypted the mega safe connection brings no higher safety for this data.


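The two cases distinguished in the posts above (a protected connection versus encrypting the data yourself before giving it away), as an added example that is not part of the original thread. The `provider` directory, file contents and passphrase are constructed, and `openssl enc` is an assumption chosen because it is widely installed; the thread itself mentions VeraCrypt and PGP.

```shell
#!/usr/bin/env bash
# Added example: the "provider" is a local directory standing in for a cloud
# service, and the file contents and passphrase are constructed.

MARKER="constructed-secret-4711"

# Encrypt $1 into $2 with a key derived from the passphrase stored in file $3.
# openssl enc gives confidentiality only (no integrity check).
encrypt_local() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# Reverse of encrypt_local; fails or yields garbage with the wrong passphrase.
decrypt_local() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# Can whoever holds file $1 read the content? Prints "readable" or "opaque".
contains_marker() {
    if grep -q "$MARKER" "$1"; then echo readable; else echo opaque; fi
}

demo_upload() {
    local dir a b c
    dir=$(mktemp -d) || return 1
    mkdir "$dir/provider"
    echo "bank notes: $MARKER" > "$dir/doc.txt"
    echo "owner passphrase (constructed)" > "$dir/pass.txt"
    # Case 1: protected connection only. The transfer is encrypted on the wire,
    # but what lands on the provider's disk is the original file.
    cp "$dir/doc.txt" "$dir/provider/doc.txt"
    a=$(contains_marker "$dir/provider/doc.txt")
    # Case 2: encrypt before giving the data away, then upload the result.
    encrypt_local "$dir/doc.txt" "$dir/provider/doc.enc" "$dir/pass.txt" ||
        { rm -rf "$dir"; return 1; }
    b=$(contains_marker "$dir/provider/doc.enc")
    # Only the passphrase holder gets the file back.
    decrypt_local "$dir/provider/doc.enc" "$dir/back.txt" "$dir/pass.txt" &&
        c=$(contains_marker "$dir/back.txt")
    rm -rf "$dir"
    echo "$a $b $c"
}

demo_upload
```

The three words printed are the provider's view without local encryption, the provider's view with it, and the owner's view after decrypting.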
37 minutes ago, Thomas S. said:

#1 Yes (if you are anxious or want to store very personal data there) or you do it as a precaution.

#2 No, if the data is encrypted the mega safe connection brings no higher safety for this data.

OH....But mega's safe encryption would be equivalent wouldn't it? Or am I misunderstanding...? Because I read somewhere that they cannot decrypt any of the files you send over to their storage servers for sharing or archival purposes even if they wanted to.....so that means you could upload and share pirated content and they won't know.....until they get bugged by a take down notice from an authority who finds out later......or something....but then I guess they would have to download from the url (that is presumably given by the authority figure that is wanting to take the pirated content down with) to verify the content you're sharing is indeed pirated or not and then take it down.....and then maybe warn you or even ban you from it.....maybe....


37 minutes ago, Gamer said:

Or am I misunderstanding...? #1

so that means you could upload and share pirated content and they won't know... #2

#1 Maybe.

Let me explain it differently, a little futuristic (only a thought).

A large amount of money (the data) is to be kept safely in a different location.

1. "encrypted transport"
I hire a totally safe transport company to put the money in their armored vehicle and they drive it to the bank.
As long as no one breaks in, that's quite safe, but if it is so, then the money is gone. At the bank, the money can be seen again as normal, to count, it is stored there as money in the safe.

2. the other possibility: "encrypt the money!"

I convert the money into another "thing" (a little grey stone?), which is completely worthless to others. Only I know of a way to turn the worthless thing back into the valuable money.

Now I can drive it with a normal car to the bank safe, nobody knows what it is or the value it has... Don't think about stealing this thing, I have a copy of it at home, in my pocket, grandma has one :D...

And one of the copies is enough to get it back in full... But if I lost the knowledge about the way to turn the worthless thing back... Huh...

#2 sure?


2 hours ago, Thomas S. said:

#1 Maybe.

Let me explain it differently, a little futuristic (only a thought).

A large amount of money (the data) is to be kept safely in a different location.

1. "encrypted transport"
I hire a totally safe transport company to put the money in their armored vehicle and they drive it to the bank.
As long as no one breaks in, that's quite safe, but if it is so, then the money is gone. At the bank, the money can be seen again as normal, to count, it is stored there as money in the safe.

2. the other possibility: "encrypt the money!"

I convert the money into another "thing" (a little grey stone?), which is completely worthless to others. Only I know of a way to turn the worthless thing back into the valuable money.

Now I can drive it with a normal car to the bank safe, nobody knows what it is or the value it has... Don't think about stealing this thing, I have a copy of it at home, in my pocket, grandma has one :D...

And one of the copies is enough to get it back in full... But if I lost the knowledge about the way to turn the worthless thing back... Huh...

Ah that's a pretty good analogy! :) I've played quite a bit of video games to know armored vehicles can be jacked easily and money stolen....and if that's true then it is true in real life too....including being able to break the encryption transportation....

 

Yes the other method is slightly better because even if the armored vehicle is jacked (in the case of two layers of encryption), then they would probably look at the item thinking it's just a worthless rock (and won't have any current worth to them) and that they wasted time jacking the armored vehicle... BUT if you're someone like me who's a hoarder (or looter in this case and loot everything and anything even if they are currently worthless - that's usually my playstyle when I play games that have a loot system.....I literally clean up an area before I move on, and if I can't carry it all I'll come back to it until they are all gone...the annoying part is if the level resets including all loot chests or storage containers....because then it's impossible to clean up the area...), they might even keep it anyways on the off chance it'd be *useful* in future....

 

So in the end you could still lose....

2 hours ago, Thomas S. said:
3 hours ago, Gamer said:

so that means you could upload and share pirated content and they won't know.....

#2 sure?

.....well I did continue with this:

3 hours ago, Gamer said:

.....until they get bugged by a take down notice from an authority who finds out later......or something....but then I guess they would have to download from the url (that is presumably given by the authority figure that is wanting to take the pirated content down with) to verify the content you're sharing is indeed pirated or not and then take it down.....and then maybe warn you or even ban you from it.....maybe....

Because originally, they won't notice UNLESS they do actually monitor files you upload and check them manually as they get passed onto their file servers....in which case they must have got a lot of man power and time to do that.....

 

I take it that you've had experience with this? Uploading something MEGA didn't like and got banned for it before you even had the chance to share the URL? :P


6 hours ago, Gamer said:

I take it that you've had experience with this? Uploading something MEGA didn't like and got banned for it before you even had the chance to share the URL?

No no. I have a - hm - paranoid relationship with the internet :D

I am not in any of this Asocial media like Facebook, don't share much personal data - but I can share much information (e.g. here) and I don't use encryption of email very much, only sometimes. On online banking I am using only very strange encryption / software / security equipment like smartcard authentication + pin.

So it still depends on the data I give away...

And I am informed about the real security issues, trust not the blahblah about Win10 is a safe OS :no:


  • 4 weeks later...


Update for root certificates:

New:

CN = Autoridade Certificadora Raiz Brasileira v5
OU = Instituto Nacional de Tecnologia da Informacao - ITI
O = ICP-Brasil
C = BR

CN = NAVER Global Root Certification Authority
O = NAVER BUSINESS PLATFORM Corp.
C = KR

CN = RCSC RootCA
O = VI Registru centras- i.k. 124110246
OU = RCSC
C = LT

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.
 

:)


  • 1 month later...


Update for root certificates:

New:

CN = Trustwave Global Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = Trustwave Global ECC P256 Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = Trustwave Global ECC P384 Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = VRK Gov. Root CA - G2
OU = Varmennepalvelut
OU = Certification Authority Services
O = Vaestorekisterikeskus CA
C = FI

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

:)
