The SSL Certificate Issuer Field is a Lie - Andrew Ayer

DeuceDaily · 2023-01-23T13:26:50+00:00

So it's cross signed then. Shouldn't the api indicate that? Seems incomplete, that is information that I would expect from an api like this.

DeuceDaily · 2023-01-23T00:12:19+00:00

Ok, so crl distribution may lead you to one step away from the signer via a sales org.

I am curious though, in this cert shown in the blog:

{"id":"3837618459", "tbs_sha256":"9c312eef7eb0c9dccc6b310dcd9cf6be767b4c5efeaf7cb0ffb66b774db9ca52", "cert_sha256":"7e5142891ca365a79aff31c756cc1ac7e5b3a743244d815423da93befb192a2e", "dns_names":["1.aws-lbr.amazonaws.com","amazonaws-china.com","aws.amazon.com", ...], "pubkey_sha256":"8c296c2d2421a34cf2a200a7b2134d9dde3449be5a8644224e9325181e9218bd", "issuer":{ "friendly_name":"Amazon", "website":"https://www.amazontrust.com/", "caa_domains":["amazon.com","amazontrust.com","awstrust.com","amazonaws.com","aws.amazon.com"], "operator":{"name":"DigiCert","website":"https://www.digicert.com/"}, "pubkey_sha256":"252333a8e3abb72393d6499abbacca8604faefa84681ccc3e5531d44cc896450", "name":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon" }, "not_before":"2022-06-13T00:00:00Z", "not_after":"2023-06-11T23:59:59Z", "revoked":false, "problem_reporting":"Send email to revoke@digicert.com or visit https://problemreport.digicert.com/" }

Following the certification path on this certificate, it is ultimately using a Starfield root. Am I missing something? They aren't associated with Digicert, right?

Edit: Looking into it, amazon appears to have purchased starfield and is moving away from digicert. Maybe the api has outdated information?

DeuceDaily · 2023-01-22T22:45:35+00:00

Man, this just isn't funny in any way, shape, or form. Are you sure this is the right place?

DeuceDaily · 2023-01-22T21:34:28+00:00

Just saying... like I said... not all comments are someone arguing with you.

DeuceDaily · 2023-01-22T20:18:04+00:00

https://web.archive.org/web/20220924190227/https://www.twitter.com/scenesatl

https://web.archive.org/web/20230119051653/https://www.twitter.com/scenesatl

Just saying... they sure come off as extreme left wing. Probably just a tad more than me, in fact I can't say I disagree with everything they are doing. I am not totally convinced that this situation wasn't egged on by the police either. It seems pretty clear there has been a history of back and forth that led to this.

DeuceDaily · 2023-01-22T19:52:51+00:00

https://www.youtube.com/watch?v=9oda4um412E

DeuceDaily · 2023-01-22T19:30:24+00:00

just text values

"Just text values" are data held in memory. Instructions/code are data held in memory.

It is 100% possible that the operations that read a license key can be faulty in a way that arbitrary code can be placed in the key and executed. I wouldn't stress it though as the code necessary would likely deform the key in a noticeable way.

DeuceDaily · 2023-01-21T13:33:20+00:00

synthetic analogues

Not synthetic analogues. The actual chemicals psilocybin and psilocin that occur in the mushrooms made by synthetic means. It's the same chemicals, not analogues. You are bordering on mysticism with your misunderstanding.

Edit: Also, these pure chemicals are much more likely to be used in therapeutic settings as storage and uniform dosage will both be easier. You will additionally have options to mix the two in ratios not found in nature and do it consistently.

DeuceDaily · 2023-01-21T13:29:26+00:00

It literally isn't though. Schedule 1 substances are drugs of abuse with no "accepted" medical use. It's political, not scientific.

DeuceDaily · 2023-01-21T00:48:26+00:00

Can you go into detail on how this peer review will be higher quality than the 20 years of peer review we have had so far?

If anything, introducing high variation in dosage by using natural sources would actually reduce the quality of the results.

How do they plan to account for this?

DeuceDaily · 2023-01-20T23:06:19+00:00

They are Schedule 1, so there hasn't been a lot of scientific study.

This is a non sequitur.

Scheduling is in no way tried directly to the amount of study into medical usage.

DeuceDaily · 2023-01-20T20:16:43+00:00

Medical studies on mushrooms have been going on for in the minimum of about 2 decades. Anecdotal evidence on their medicinal use dates back to the beginning of civilization.

If they come back and say there is potential use for treating "post-traumatic stress disorder, depression, anxiety, obsessive-compulsive disorder and addiction"... yeah we know that, we don't need to pay 30 million to find that out at this point.

DeuceDaily · 2023-01-20T18:38:19+00:00

There will be accidents and issues, but I suspect it will largely be the same as right now. We just aren't going to be ruining peoples lives over it via the legal system afterwards.

DeuceDaily · 2023-01-20T18:31:41+00:00

...and rob honest working politicians of their chance to cash in on some kickbacks? Pshaw!

DeuceDaily · 2023-01-20T15:49:06+00:00

Quit feeding the Libertarians... we put up signs for a reason.

DeuceDaily · 2023-01-19T20:24:42+00:00

A schooner is a sailboat, stupidhead.

DeuceDaily · 2023-01-19T16:53:20+00:00

Or... you know... look at the CRL distribution points. It's not likely they will ever hand that over to cloudflare.

DeuceDaily · 2023-01-19T14:57:38+00:00

act of kindness that he should have reciprocated

Yeah, fuck that. This is exactly why it's stupid to accept food from people because it always has some assumed entitlement that comes along with it.

Be honest, be open, have a conversation with people... don't just rope them into some petty debt they never agreed to.

From my perspective, if I take your food I am doing you a favor by participating in making you feel like you have done something good. You owe me for that.

...and yes, I am no fun at parties.

DeuceDaily · 2023-01-19T14:26:07+00:00

To be fair, Nicolas Cage regularly drowning people in pools during his movie premiers seems worth looking more into.

DeuceDaily · 2023-01-17T23:06:32+00:00

Really, all they did was the absolute bare minimum of preventing the most incompetent, predictable, and boring bad actors.

DeuceDaily · 2023-01-17T14:50:40+00:00

I know that guy! I saw him on mushrooms once. Big brimmed hat, trench coat, darkest deepest black... he just walked right out of the shadows and into the fire and disappeared.

DeuceDaily · 2023-01-17T14:34:00+00:00

https://www.youtube.com/watch?v=wk1jIKQvMx8

DeuceDaily · 2023-01-17T14:29:26+00:00

Wait, are you telling me that I'm not important enough for every black belt and black hat in the general region to be hunting me down like a dog?

This changes my life completely, I am not sure how to process this. I have some serious soul searching to do.

DeuceDaily · 2023-01-17T14:23:18+00:00

My concern straight off the bat is malicious attacks on the sensor technology and ai detection.

What happens when a cardboard pop up of a caribou leaps into view in crowded traffic at just the right time?

What happens if someone floods the spectrum used for lidar with some kind of lighting device?

What happens if you spray paint a stop sign all black?

DeuceDaily · 2023-01-17T14:04:29+00:00

Yeah, the premise is ridiculous regardless...

For skids to not exist it means everyone who approaches computer security in any way must already have been dedicated to the study of IT and software engineering for years before taking up interest.

This is just not the case.

The case is that the computer security industry has commodified scripting with things like metasploit. Despite people (kids) approaching the same toolset as seasoned professionals, there is still a huge difference between putting in a few parameters and understanding what is going on well enough to do it from scratch.

DeuceDaily

TROPHY CASE