(follow.agwa.name)

482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.213s | source

Show context

xyst ◴[01 Dec 24 03:46 UTC] No.42286021[source]▶

>>42284202 (OP) #

So an incompetent CA is trusted by an even more incompetent company, Microsoft?

Is anybody else surprised at this point?

replies(1): >>42286032 #

ed_mercer ◴[01 Dec 24 03:49 UTC] No.42286032[source]▶

>>42286021 #

Microsoft is many things but not incompetent.

replies(3): >>42286390 #>>42286528 #>>42286737 #

cookiengineer ◴[01 Dec 24 05:58 UTC] No.42286528[source]▶

>>42286032 #

From a security standpoint that's debatable.

Multiple RCEs and critical CVEs cannot be fixed because Microsoft "lost" the source code. So they disclosed those RCEs but without any solution or fix.

(Not kidding, sadly, look it up, there also have been occasional binary patches because of the same reason)

[1] https://msrc.microsoft.com/update-guide

replies(2): >>42287449 #>>42287689 #

1. meiraleal ◴[01 Dec 24 10:56 UTC] No.42287689[source]▶

>>42286528 #

> From a security standpoint that's debatable.

still not incompetence if what they gain from it is bigger than what their customers lose, unfortunately.

↑

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com