Martijn Katerbarg

66 posts

Martijn Katerbarg

@Martijn___

PKI, SSL, CA stuff, Programmer, Tinkerer, Datahoarder, Homelab and retro tech enthusiast, Compliance dude apparently. Work@Sectigo. Tweets are mine

Stockholm, Sweden Katılım Mart 2022

68 Takip Edilen47 Takipçiler

Martijn Katerbarg retweetledi

Ryan Hurst@rmhrisk·12 Nis

CABForum SCWG Ballot SC-081 just passed! WebPKI certificate maximum validity periods will now reduce according to this schedule:

English

3.7K

Martijn Katerbarg retweetledi

Ryan Hurst@rmhrisk·8 Mar

Who wants to lose money on a browser that is so open source nearly every competing browser is just a clone with a thin veneer? I don’t see how this serves users, the Chrome team does so much more for the internet than release Chrome itself what happens to that work?

WIRED@WIRED

In its final proposed remedy filing in the Google antitrust case, the Department of Justice reiterated that Google should stop paying partners for search placement—and divest its dominant Chrome browser. wired.com/story/the-doj-…

English

848

Martijn Katerbarg@Martijn___·24 Şub

@0x4a45 Status är nu ändrat till "Uploading". Oklart om det blir publikt eller inte

Svenska

216

Jesper@0x4a45·22 Şub

Sportadmin-ransomhub update: Efter att i flera dygn stått som "Published" (utan någon länk till materialet). Verkar det nu pågå en Auktion, och datan verkar säljas istället för att publiceras öppet.

Svenska

917

Martijn Katerbarg@Martijn___·24 Şub

@KarlEmilNikka Status är nu ändrat till "Uploading". Oklart om det blir publikt eller inte

Svenska

Karl Emil Nikka@KarlEmilNikka·22 Şub

Efter några dagars tysthet har Ransomhub uppdaterat status för Sportadmin-läckan. Utpressarna säger nu att de ska auktionera datan. Ransomhubs hantering tyder på att de tror att andra än Sportadmin är villiga att betala för den stulna datan. sakerhetskollen.se/aktuella-brott… #Sportadmin

Svenska

1.3K

Martijn Katerbarg@Martijn___·22 Şub

@KarlEmilNikka

QME

Karl Emil Nikka@KarlEmilNikka·18 Şub

Ransomhubs nedräkningstimer för Sportadmin gick precis ut. Timern är utbytt mot texten ”published”. Än så länge finns det dock ingen publik nedladdningslänk till den stulna datan. #Sportadmin #Ransomhub

Svenska

1.5K

Martijn Katerbarg@Martijn___·11 Şub

@KarlEmilNikka Och återigen, nu har 7 dagar lagts till

Svenska

Karl Emil Nikka@KarlEmilNikka·9 Şub

Utpressningsgänget Ransomhub hade ursprungligen tänkt publicera den stulna Sportadmin-datan strax efter lunch. Enligt deras webbplats har de nu gett Sportadmin drygt två dygn till. #Sportadmin #Ransomhub

Svenska

1.9K

Martijn Katerbarg@Martijn___·10 Şub

@Totogoals @KarlEmilNikka Enligt skärmbilder så är det mycket mer. Bl. a. notiser om vem som har skyddade personsuppgifter.

Svenska

X@Totogoals·10 Şub

@KarlEmilNikka Men de har väl ”bara ” mail och telefonnummer kanske personnummer som är offentligt ändå. Vilken skada kan ske?

Svenska

Martijn Katerbarg@Martijn___·10 Şub

@KarlEmilNikka Däremot började självaste nedräkningen i första hand med kortare tid än dom flesta. Det är möjligt att om ångrade det.

Svenska

Martijn Katerbarg retweetledi

Feisty Duck@feistyduck·4 Eyl

Cryptography & Security Newsletter: Sectigo has published a meta-linter called pkimetal, which unifies several other prominent linters into a single tool. buff.ly/3MtW6gk

English

853

Martijn Katerbarg retweetledi

Ryan Hurst@rmhrisk·24 May

"On numerous instances over the last three years, e-commerce monitoring GmbH fell short of the above expectations. In light of this, we have reached the conclusion that the GLOBALTRUST 2020 certificates suffer from a loss of integrity and action is required from the perspective of ensuring web security for Chrome users" groups.google.com/a/ccadb.org/g/…

English

533

Martijn Katerbarg retweetledi

Cryptoki@Cryptoki·8 Nis

CA/Browser Forum ballot SC-067 is in discussion to require Multi-Perspective Issuance Corroboration (aka MPIC) by CAs for domain validation and CAA checks to make certain attacks on #TLS validation more difficult lists.cabforum.org/pipermail/serv…

English

3.9K

Martijn Katerbarg retweetledi

Cryptoki@Cryptoki·16 Oca

Chrome updates its CA root policy at g.co/chrome/root-po…, includes term limits, key freshness etc.

English

818

Martijn Katerbarg@Martijn___·20 Ara

@atoonk @rmhrisk @DaKnObCS Not yet, but a proposal is in the works: github.com/ryancdickson/s…

English

Andree Toonk@atoonk·20 Ara

@rmhrisk @DaKnObCS Interesting bug report. I wonder if there are any recommendations or requirements around BGP monitoring or DNS validation from multiple ASNs?

Vancouver, British Columbia 🇨🇦 English

165

Ryan Hurst@rmhrisk·20 Ara

For ages I have been advocating that all WebPKI CAs should be required to support ACME and enable third-party testing via that interface and @DaKnObCS provided an excellent example of why in this bug. MUCH RESPECT. #c13" target="_blank" rel="nofollow noopener">bugzilla.mozilla.org/show_bug.cgi?i…

English

2.3K

Martijn Katerbarg retweetledi

Nicolas Grégoire@Agarri_FR·9 Kas

Not your typical SQLi vector... 😈

Jia Hao@Chocologicall

I've finally published the advisories regarding the Trend Micro bugs that I shared at #HITCON! Do check them out at @starlabs_sg's advisory page: starlabs.sg/advisories/ 🏌️‍♂️CVE-2023-32530 is an interesting case of SQLi to RCE: starlabs.sg/advisories/23/…

English

312

48.5K

Martijn Katerbarg retweetledi

Wiz@wiz_io·18 Eyl

🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵

English

853

2.6K

964.1K

Martijn Katerbarg@Martijn___·27 Ağu

This whole AI thing, kinda made "Pics or it didn't happen" irrelevant

English

Martijn Katerbarg@Martijn___·18 Ağu

@jedisct1 How did I not know this was in the public domain

English

Frank@jedisct1·16 Ağu

MacOS 13.5 source code released github.com/apple-oss-dist…

English

2.4K

Martijn Katerbarg retweetledi

Tim Callan@TimCallan·9 May

The Root Causes podcast frequently discusses the concepts of certificate automation and Certificate Lifecycle Management (CLM). In this episode we discuss how CLM does not always entail automation and vice versa - and why it matters. soundcloud.com/tim-callan/roo…

English

Martijn Katerbarg retweetledi

Sectigo@SectigoHQ·26 Nis

Our team had a great second day at @RSAConference yesterday! Our team is on site at booth #1327 to talk about how CA Agnostic #CLM can help with 90-day TLS. Additionally, #webby honoree @TimCallan gave a great talk on #QuantumComputing, explaining how organizations can prepare.