GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 17-May-2024 16:37:34 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:

    LOL never trust the output of openssl x509 -noout -text

    You can stuff arbitrary printable ascii including newlines into random extensions as raw data and it'll just display it.

    https://gist.githubusercontent.com/ryancdotorg/73f298821f57b56ec328181dfa9b9ade/raw/37444b84684315b19ef50f85d4453663cfafeb96/nsa.test.pem

    In conversation about a year ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/455/258/036/485/965/original/57e7268e8eaec58d.png
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 17-May-2024 16:39:30 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to

      I can stuff a text representation of an entire other certificate in there....

      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 17-May-2024 16:41:11 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to

      No CAs just copy the value of harmless deprecated extensions, right?

      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 17-May-2024 16:43:21 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to

      Obviously I tried ANSI escape sequences, which didn't work.

      In conversation about a year ago permalink
    • Embed this notice
      Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 18-May-2024 05:13:54 JST Sophie Schmieg Sophie Schmieg
      in reply to

      @ryanc

      Never trust […] x509.

      Fixed that for you.

      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 18-May-2024 05:19:26 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to
      • Sophie Schmieg

      @sophieschmieg never trust

      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 18-May-2024 05:27:32 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to
      • Sophie Schmieg

      @sophieschmieg btw shodan dumps certificates using openssl x509 -text

      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 19-May-2024 18:49:38 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to
      • Nicolas SAPA

      @nico Perhaps, but GnuTLS has significantly more security bugs in it than OpenSSL.

      In conversation about a year ago permalink
    • Embed this notice
      Nicolas SAPA (nico@ublog.byme.at)'s status on Sunday, 19-May-2024 18:49:42 JST Nicolas SAPA Nicolas SAPA
      in reply to
      @ryanc certtool from gnutls show "Unknown extension 2.16.840.1.113730.1.1 (not critical):" and remove the newline.
      In conversation about a year ago permalink
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 19-May-2024 18:50:58 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to
      • waldi

      @waldi Making a CA do a lot of paperwork for the next few weeks sounds fun, especially if it's Sectigo.

      In conversation about a year ago permalink
    • Embed this notice
      waldi (waldi@chaos.social)'s status on Sunday, 19-May-2024 18:50:59 JST waldi waldi
      in reply to

      @ryanc No, CA governed by CA/Browser forum will not just copy sections. Or they will have to do a lot of paperwork for the next weeks.

      In conversation about a year ago permalink
    • Embed this notice
      wr (wr@infosec.exchange)'s status on Saturday, 24-May-2025 00:05:15 JST wr wr
      in reply to

      @ryanc I was referred to this post by https://github.com/libressl/portable/issues/1171#event-17786466385

      In conversation about 8 days ago permalink

      Attachments


      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        Escaping of extensions in x509 -text · Issue #1171 · libressl/portable
        OpenSSL has a longstanding bug where x509 -text does not escape characters in various extensions. (I think there may be multiple code paths for known vs unknown extensions.) The same appears to aff...
    • Embed this notice
      Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 24-May-2025 16:49:27 JST Ryan Castellucci :nonbinary_flag: Ryan Castellucci :nonbinary_flag:
      in reply to
      • wr

      @wr Oh, interesting, I tried to do exactly this and failed. I was able to inject text just fine, but I guess I should have tried more fields..

      In conversation about 7 days ago permalink
    • Embed this notice
      wr (wr@infosec.exchange)'s status on Saturday, 24-May-2025 17:17:12 JST wr wr
      in reply to

      @ryanc the talk recording was published a few days ago https://youtu.be/0wW8lGjJuBM

      In conversation about 7 days ago permalink

      Attachments

      1. Nullcon Goa 2025: Trapped By The CLI - William Robinet
        from nullcon
        In this talk, we will present how I just discovered a vulnerability common to various TLS/SSL cryptographic toolkits by chance.I'll start by presenting my ow...

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.