Let's Encrypt? Let's revoke 3 million HTTPS certificates on
Posted: Wed Mar 04, 2020 7:00 am
regchan


Tons of TLS certs need to be tossed immediately after Go snafu
By Thomas Claburn in San Francisco, 3 Mar 2020 at 19:44

On Wednesday, March 4, Let's Encrypt – the free, automated digital certificate authority – will briefly become Let's Revoke, to undo the issuance of more than three million flawed HTTPS certs.

In a post to the service's online forum on Saturday, Jacob Hoffman-Andrews, senior staff technologist at the EFF, said a bug had been found in the code for Boulder, Let's Encrypt's automated certificate management environment.

Boulder checks Certificate Authority Authorization (CAA) records to ensure that a Let's Encrypt subscriber has requested HTTPS certificates for the domain names. The bug, introduced on July 25, 2019, was an error in the way the tool's Go code iterated over the domain names.

"The proximate cause of the bug was a common mistake in Go: taking a reference to a loop iterator variable," explained Hoffman-Andrews in the bug report.

So when Boulder iterated over, for example, a group of 10 domain names that required CAA rechecking, it would check one domain name 10 times instead of checking each of the 10 domains once.

"What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt," Hoffman-Andrews continued.

A code fix was deployed about two hours after the programming blunder was discovered, though that still leaves 3,048,289 digital certificates out of about 116 million that need to be revoked. About one million of the flawed set of certs are duplicates.

Affected certificate owners, who have supposedly been notified by email, have until 0000 UTC March 4 to renew and replace their certs. The process to do so for those using the Certbot command-line tool is simple in theory:

    certbot renew --force-renewal

But reports of difficulties in the Let's Encrypt forum suggest not everyone will enjoy a trouble-free update process.

Come Wednesday, Let's Encrypt, which is supported by the Internet Security Research Group (ISRG), will revoke those certs that haven't been repaired, causing visitors at affected websites to see security warnings until the problem gets remedied.

For those who may have missed or deleted the notification email, Let's Encrypt has posted a list of affected serial numbers that can be downloaded. Concerned individuals can look up their account identifier(s) for associated certificate numbers. There's also a webpage for checking whether a site relies on an affected cert. ®


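The loop-variable mistake described in the quoted article, reduced to a small Go program. This is an added example, not Boulder's code or anything from the article; the function names, the `caaAllows` table and the `.example` domains are constructed for illustration.

```go
package main

import "fmt"

// Constructed CAA state at recheck time: true = CAA still permits issuance.
var caaAllows = map[string]bool{
	"a.example": true,
	"b.example": false, // owner has since published a CAA record forbidding issuance
	"c.example": true,
}

// recheckBuggy shares one loop variable across all iterations (how
// `for _, name := range` behaved before Go 1.22), so every pointer aliases it.
func recheckBuggy(names []string) (checked []string, ok bool) {
	var pending []*string
	var name string
	for _, name = range names {
		pending = append(pending, &name) // same address every time
	}
	return runChecks(pending)
}

// recheckFixed copies the value into a fresh variable per iteration, so
// each pointer refers to its own domain.
func recheckFixed(names []string) (checked []string, ok bool) {
	var pending []*string
	for _, name := range names {
		n := name
		pending = append(pending, &n)
	}
	return runChecks(pending)
}

// runChecks reports which names were examined and whether all permit issuance.
func runChecks(pending []*string) (checked []string, ok bool) {
	ok = true
	for _, p := range pending {
		checked = append(checked, *p)
		ok = ok && caaAllows[*p]
	}
	return checked, ok
}

func main() {
	names := []string{"a.example", "b.example", "c.example"}
	fmt.Println(recheckBuggy(names)) // [c.example c.example c.example] true
	fmt.Println(recheckFixed(names)) // [a.example b.example c.example] false
}
```

The buggy version examines the last name three times and never looks at `b.example`, so the recheck passes even though one domain now forbids issuance.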

Posted: Thu Mar 05, 2020 12:17 pm
Megaboost
Thanks for this Reg. After reading this I got my SSL re-issued for assurance.

All times are UTC - 7 Hours [DST enabled]