[kwlug-disc] Blue Coat

Bob Jonkman bjonkman at sobac.com
Sat May 28 15:11:39 EDT 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are trusted CAs in the browser, and there are trusted CAs in the
OS.  Untrusting one of these CAs works only until the next browser
update or OS CA store update.

I used to diligently untrust CAs like DigiNotar and Comodo, both of
which have issued bogus certificates in the past. It's yet another
game of computer whack-a-mole, they keep on popping up as fast as you
can beat them down. I don't do that any more; now I just hold my
breath and hope I don't get pwnd.

- --Bob.

 (and yes, there are several Blue Coat people in the KWLUG community)



On 2016-05-28 02:50 PM, CrankyOldBugger wrote:
> I ran the fix on my one Windows box, it was easy enough to do.
> Just a matter of installing the certificate, but you install it to
> the "Untrusted" section.
> 
> I haven't done my Linux boxes yet, but I'm hoping it's a similar
> procedure.
> 
> 
> 
> On Sat, 28 May 2016 at 14:39 B.S. <bs27975.2 at gmail.com> wrote:
> 
>> Interesting, thanks for the heads up.
>> 
>> Little puzzled, though, as I expect most certificates get
>> consulted by browsers, not the OS. No doubt it applies for
>> trusted mac/windows software/OS updates. i.e. I would have
>> thought they would focus more on what it means to browsers, not
>> OS'.
>> 
>> Anyone got links on the Blue Coat 'issue' in terms of impact upon
>> Linux?
>> 
>> Regardless, that there are '"man in the middle" devices' out
>> there is ... disturbing. I get that there are Sandvine boxes out
>> there between me and my internet provider, but not much I can do
>> about that. That there are other (devices) out there is ...
>> <ick>.
>> 
>> 
>> On 05/28/2016 02:24 PM, CrankyOldBugger wrote:
>>> I don't know if any of the fine people on this list work at
>>> Blue Coat,
>> but
>>> there's some troubling news out there...
>>> 
>>> 
>> http://null-byte.wonderhowto.com/how-to/untrust-suspicious-blue-coat-certificate-authority-mac-windows-0171364/
>>
>>
>>
>> 
_______________________________________________
>> kwlug-disc mailing list kwlug-disc at kwlug.org 
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> 
>> 
> 
> 
> 
> _______________________________________________ kwlug-disc mailing
> list kwlug-disc at kwlug.org 
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAldJ7WQACgkQuRKJsNLM5erKlQCfe34j/nGXHvh4+zTNfm8Gq+qU
myoAoNbSKTgPVpPxtg0ArKLcUPO/C3nn
=e/Rm
-----END PGP SIGNATURE-----

More information about the kwlug-disc mailing list