

heinoganda

Root Certificates and Revoked Certificates for Windows XP


I don't want to exaggerate now, but if you are so insecure and already want to delete certificates, then you should strictly avoid the Internet.
Alternatively, only separate, secure end-to-end encryption of all data transfers that you control all by yourself would remain.

You are not fully secure on the internet; it was so and it will be so in the future.

  • Like 1
  • Upvote 1


4 hours ago, Sampei.Nihira said:

do we proceed to disabling all QuoVadis?

That sounds like overkill to me. They only signed one DarkMatter certificate; presumably the vast majority of certificates signed by QuoVadis are fine.

If DarkMatter makes it into Microsoft's, New Moon's, or Basilisk's trusted root store, you could start deleting their certificates. (If DM makes it into Mozilla's trusted root store, presumably it would have no effect on XP users since we aren't getting updates from Mozilla anymore anyway.)

6 hours ago, Sampei.Nihira said:

In the comments it is reported that ProtonMail no longer works without QuoVadis.

That is a normal behavior, if the service (server) you will connect to has a certificate chain where you have deleted the root or intermediate certificate.

So the connection is unsafe and will not be established.

This is the way it works...

  • Like 1
  • Upvote 1
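
The behaviour described in the post above, reproduced offline as an added example (not part of the original thread): a constructed root CA signs a server certificate, and `openssl verify` accepts it only while that root is in the trust file. All names, paths and the `make_root` and `chain_status` helpers are assumptions made for the illustration; on Windows XP the trust store is the system certificate store rather than a PEM file.

```shell
#!/bin/sh
# Added illustration: a server certificate validates only while its issuing
# root is in the trust store. All keys and certificates are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the test roots carry CA:TRUE on any OpenSSL version.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
default_md = sha256
prompt = no
[dn]
CN = Example Test Root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_root NAME CN: self-signed root CA (hypothetical helper).
make_root() {
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
make_root issuer "Example Test Root"     # the root that signs the server
make_root other  "Unrelated Test Root"   # some other CA that stays trusted

# Server certificate issued by the first root.
openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mail.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -sha256 -in "$WORK/srv.csr" -days 30 \
    -CA "$WORK/issuer.pem" -CAkey "$WORK/issuer.key" -CAcreateserial \
    -out "$WORK/srv.pem" 2>/dev/null

# chain_status TRUST_FILE CERT: prints "trusted" or "rejected".
chain_status() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo rejected
    fi
}

echo "issuing root present: $(chain_status "$WORK/issuer.pem" "$WORK/srv.pem")"
echo "issuing root deleted: $(chain_status "$WORK/other.pem" "$WORK/srv.pem")"
```

The second call models a store from which the issuing root was deleted while other CAs remain: the server certificate itself is unchanged, but no path to a trusted root can be built.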

16 hours ago, Thomas S. said:

Alternatively, only separate, secure end-to-end encryption of all data transfers that you control all by yourself would remain.

So I guess then MEGA would be the only file sharing site and webpage to use since they have end to end encryption on all their file transfers?

7 hours ago, Gamer said:

So I guess then MEGA would be the only file sharing site and webpage to use since they have end to end encryption on all their file transfers? 

Not if YOU do not control the encryption - and be sure YOU have set it up right.

It doesn't matter which service you choose, they are all safe, more or less, or not  :blushing:

For example: if you use VeraCrypt with high encryption you can store data on NSA file servers - maybe they will read the data in about 2.000 years :)

You have to understand that there is a difference between sending data via a safe (encrypted) connection (so a Man In The Middle can't read this transfer) and encrypting the data before you give it away. In all cases, if you wish that the data is readable on the other side: IT IS UNSAFE (because you give it away and do not know what is done with it).

This is so here in internet, the normal living...

 


And this is fully encrypted data as it will be shown at the "other side".

I have the key to encrypt this message, no one else...

If I give the key away so you can encrypt this data it will be unsafe again.


 

On 2/26/2019 at 5:06 AM, Thomas S. said:

Not if YOU do not control the encryption - and be sure YOU have set it up right.

It doesn't matter which service you choose, they are all safe, more or less, or not  :blushing:

For example: if you use VeraCrypt with high encryption you can store data on NSA file servers - maybe they will read the data in about 2.000 years :)

You have to understand that there is a difference between sending data via a safe (encrypted) connection (so a Man In The Middle can't read this transfer) and encrypting the data before you give it away. In all cases, if you wish that the data is readable on the other side: IT IS UNSAFE (because you give it away and do not know what is done with it).

This is so here in internet, the normal living...

 

...so we should all encrypt everything we throw up on the cloud just to be sure even if they broke through they would need to decrypt the files to read them? And on top of that use a cloud service like MEGA that has end to end encryption on top of that?

1 hour ago, Gamer said:

...so we should all encrypt everything we throw up on the cloud just to be sure even if they broke through they would need to decrypt the files to read them? #1

And on top of that use a cloud service like MEGA that has end to end encryption on top of that? #2

#1 Yes (if you are anxious or want to store very personal data there) or you do it as a precaution.

#2 No, if the data is encrypted the mega safe connection brings no higher safety for this data.

37 minutes ago, Thomas S. said:

#1 Yes (if you are anxious or want to store very personal data there) or you do it as a precaution.

#2 No, if the data is encrypted the mega safe connection brings no higher safety for this data.

OH....But MEGA's safe encryption would be equivalent wouldn't it? Or am I misunderstanding...? Because I read somewhere that they cannot decrypt any of the files you send over to their storage servers for sharing or archival purposes even if they wanted to.....so that means you could upload and share pirated content and they won't know.....until they get bugged by a take down notice from an authority who finds out later......or something....but then I guess they would have to download from the URL (that is presumably given by the authority figure that is wanting to take the pirated content down with) to verify the content you're sharing is indeed pirated or not and then take it down.....and then maybe warn you or even ban you from it.....maybe....

37 minutes ago, Gamer said:

Or am I misunderstanding...? #1

so that means you could upload and share pirated content and they won't know... #2

#1 Maybe.

Let me explain it differently, a little futuristic (only a thought).

A large amount of money (the data) is to be kept safely in a different location.

1. "encrypted transport"
I hire a totally safe transport company to put the money in their armored vehicle and they drive it to the bank.
As long as no one breaks in, that's quite safe, but if it is so, then the money is gone. At the bank, the money can be seen again as normal, to count, it is stored there as money in the safe.

2. the other possibility: "encrypt the money!"

I convert the money into another "thing" (a little grey stone?), which is completely worthless to others. Only I know of a way to turn the worthless thing back into the valuable money.

Now I can drive it with a normal car to the bank safe, nobody knows what it is or the value it has... Don't think about stolen this thing, I have a copy of it at home, in my pocket, grandma has one :D...

And one of the copies is enough to get it back full... But if I lost the knowledge about the way to turn the worthless thing back... Huh...

#2 sure?

Edited by Thomas S.

2 hours ago, Thomas S. said:

#1 Maybe.

Let me explain it differently, a little futuristic (only a thought).

A large amount of money (the data) is to be kept safely in a different location.

1. "encrypted transport"
I hire a totally safe transport company to put the money in their armored vehicle and they drive it to the bank.
As long as no one breaks in, that's quite safe, but if it is so, then the money is gone. At the bank, the money can be seen again as normal, to count, it is stored there as money in the safe.

2. the other possibility: "encrypt the money!"

I convert the money into another "thing" (a little grey stone?), which is completely worthless to others. Only I know of a way to turn the worthless thing back into the valuable money.

Now I can drive it with a normal car to the bank safe, nobody knows what it is or the value it has... Don't think about stolen this thing, I have a copy of it at home, in my pocket, grandma has one :D...

And one of the copies is enough to get it back full... But if I lost the knowledge about the way to turn the worthless thing back... Huh...

Ah that's a pretty good analogy! :) I've played quite a bit of video games to know armored vehicles can be jacked easily and money stolen....and if that's true then it is true in real life too....including being able to break the encryption transportation....

 

Yes the other method is slightly better because even if the armored vehicle is jacked (in the case of two layers of encryption), then they would probably look at the item thinking it's just a worthless rock (and won't have any current worth to them) and that they wasted time jacking the armored vehicle... BUT if you're someone like me who's a hoarder (or looter in this case and loot everything and anything even if they are currently worthless - that's usually my playstyle when I play games that have a loot system.....I literally clean up an area before I move on, and if I can't carry it all I'll come back to it until they are all gone...the annoying part is if the level resets including all loot chests or storage containers....because then it's impossible to clean up the area...), they might even keep it anyways on the off chance it'd be *useful* in future....

 

So in the end you could still lose....

2 hours ago, Thomas S. said:
3 hours ago, Gamer said:

so that means you could upload and share pirated content and they won't know.....

#2 sure?

.....well I did continue with this:

3 hours ago, Gamer said:

.....until they get bugged by a take down notice from an authority who finds out later......or something....but then I guess they would have to download from the URL (that is presumably given by the authority figure that is wanting to take the pirated content down with) to verify the content you're sharing is indeed pirated or not and then take it down.....and then maybe warn you or even ban you from it.....maybe....

Because originally, they won't notice UNLESS they do actually monitor files you upload and check them manually as they get passed onto their file servers....in which case they must have got a lot of man power and time to do that.....

 

I take it that you've had experience with this? Uploading something MEGA didn't like and got banned for it before you even had the chance to share the URL? :P

Edited by Gamer
paragraph

6 hours ago, Gamer said:

I take it that you've had experience with this? Uploading something MEGA didn't like and got banned for it before you even had the chance to share the URL?

No no. I have a - hm - paranoid relationship with the internet :D

I am not in any of this Asocial media like Facebook, don't share much personal data - but I can share a lot of information (e.g. here) and I don't use encryption of email very much, only sometimes. On online banking I am using only very strange encryption / software / security equipment like smartcard authentication + pin.

So it still depends on the data I give away...

And I am informed about the real security issues, trust not the blahblah about Win10 is a safe OS :no:



Update for root certificates:

New:

CN = Autoridade Certificadora Raiz Brasileira v5
OU = Instituto Nacional de Tecnologia da Informacao - ITI
O = ICP-Brasil
C = BR

CN = NAVER Global Root Certification Authority
O = NAVER BUSINESS PLATFORM Corp.
C = KR

CN = RCSC RootCA
O = VI Registru centras- i.k. 124110246
OU = RCSC
C = LT

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.
 

:)

  • Like 3
  • Upvote 1



Update for root certificates:

New:

CN = Trustwave Global Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = Trustwave Global ECC P256 Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = Trustwave Global ECC P384 Certification Authority
O = Trustwave Holdings, Inc.
L = Chicago
S = Illinois
C = US

CN = VRK Gov. Root CA - G2
OU = Varmennepalvelut
OU = Certification Authority Services
O = Vaestorekisterikeskus CA
C = FI

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

:)

  • Like 2

