OCSP has been pwned by number 3 xD
punjabibb 4 weeks ago
wtf is with his hair LOL
VerifyVolatile 5 months ago 2
Well damn, this is a terrible security hole. Really bad stuff can be done with this.
2dFXman 6 months ago
@2dFXman Uh, this is WAY scarier and was done like almost 4 years ago /watch?v=S0BM6aB90n8
Well worth the watch.
vxbinaca 6 months ago
I love this <3<3<3
YouArie 9 months ago
How is it possible for a high security related standard to be so damn f*cked up? No checking of all the data, being OK with "try later" and obviously not a single thought of a problem with that. It's like owning a highly secure strongroom and leaving the key on your key rack.
M3talWarrior 9 months ago
@M3talWarrior Because it was made in the dark ages of the net, i.e. the 1990s. Not much thought was put to security. Other notable examples are the way IP space is announced (BGP, RIP etc), DNS in conjunction with SSL or mail servers and other things that were made because we scale the internet at breakneck speed and the functionality is needed, and not needed to work or be secure.
vxbinaca 6 months ago
@vxbinaca That's no excuse, it was meant to be a highly secure standard, not a simple communication protocol. And even if it was not meant to be secure, it became the security standard for secure connections, so no one put a single thought about securing it afterwards, like actualizing the standard in a SECURE way? But wait - seems much more secure to watch the damn thing crash and stand there with no alternative... Back to the roots - goodbye online banking 'n stuff...
M3talWarrior 6 months ago