Millions of devices will go off-line next week...

  • the86d
    Calguns Addict
    • Jul 2011
    • 9587

    Millions of devices will go off-line next week...

    "Old Macs, iPhones, PlayStation 3 and Nintendo 3DS gaming consoles, an unknown number of smart TVs, set-top boxes and other "smart" devices, and even some PlayStation 4s may lose some internet connectivity next week.

    That's because a widely used digital certificate used to verify secure internet connections expires on Sept. 30, and millions of older devices won't be able to update to install newer certificates."

    "...it was estimated that one-third of all Android phones could be knocked offline."
    Last edited by the86d; 09-24-2021, 6:10 AM.
  • #2
    M76
    Calguns Addict
    • Apr 2014
    • 5954

    That’s a damn shame, have a couple old iPhones on speaker docks
    for use as alarm clocks, streaming talk radio, listening to music...

    Glorified alarm clocks now...
    Originally posted by dunndeal
    Stop digging.
    Originally posted by BrassCase
    I only buy fireworks from Three Finger Willie over at One Eyed Jack's Fireworks.

    Comment

    • #3
      Robotron2k84
      Senior Member
      • Sep 2017
      • 2013

      I.e. their root certificate store will have expired and the vendor could issue an update to address the issue.

      Apple has actually been pretty good at doing this, even for dinosaur devices.

      We shall see if they issue a 9.3.7 iOS patch with the new cert store. iOS 10 and above already have an updated cert.

      FYI, 9.3.6 was only released 2 years ago, so don’t count it out, yet, if you have an old 4s doing some random task.

      Apple would trigger a massive landfill addition without issuing a simple patch.

      Macs can update their keystores manually, but I’m not sure you have access to SHA-256 on Macs before OSX Lion (10.7). I haven’t checked to see if the CA certs that are expiring will offer compatibility certs signed with SHA-1. Even so, you can compile a new OpenSSL on a Mac, and work around certain issues with the OS keystore.

      .
      Last edited by Robotron2k84; 09-24-2021, 1:00 PM.

      Comment

      • #4
        wpage
        Calguns Addict
        • Jan 2011
        • 6071

        Do not count on it...
        God so loved the world He gave His only Son... Believe in Him and have everlasting life.
        John 3:16

        NRA,,, Lifer

        United Air Epic Fail Video ...

        https://www.youtube.com/watch?v=u99Q7pNAjvg

        Comment

        • #5
          the86d
          Calguns Addict
          • Jul 2011
          • 9587

          I haven't turned on 2 XBOX 360 SLIM models in years...
          Updated one just in case for a possible garage sale, before I move to TX.

          Have to do the other one, just in case, as I have no clue what rev they are on... for the new owners to not return them immediately...

          Comment

          • #6
            SanDiego619
            I need a LIFE!!
            • Jan 2013
            • 11933

            I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced.
            Where the people fear the government you have tyranny. Where the government fears the people you have liberty.

            Comment

            • #7
              MyOdessa
              CGN/CGSSA Contributor - Lifetime
              CGN Contributor - Lifetime
              • Mar 2011
              • 2296

              Oh noes, 2K all over again. How will we survive it.

              Comment

              • #8
                Scratch705
                I need a LIFE!!
                • May 2009
                • 12530

                I should probably plug in my xbox360 tomorrow to see if it updates.
                Originally posted by leelaw
                Because -ohmigosh- they can add their opinions, too?
                Originally posted by SoCalSig1911
                Preppers canceled my order this afternoon because I called them a disgrace... Not ordering from those clowns again.
                Originally posted by PrepperGunShop
                Truthfully, we cancelled your order because of your lack of civility and your threats ... What is a problem is when you threaten my customer service team and make demands instead of being civil. Plain and simple just don't be an a**hole (where you told us to shove it).

                Comment

                • #9
                  sealocan
                  Calguns Addict
                  • Mar 2012
                  • 9950

                  Well it's officially October 1st and my Android phone is working.

                  I'm not saying it's old but it does have a hand-crank to ring the switchboard operator.

                  Comment

                  • #10
                    morrcarr67
                    I need a LIFE!!
                    • Jul 2010
                    • 15005

                    Originally posted by Scratch705
                    I should probably plug in my xbox360 tomorrow to see if it updates.
                    Well, what happened?
                    Yes you can have 2 C&R 03 FFL's; 1 in California and 1 in a different state.

                    Originally posted by Erion929

                    Comment

                    • #11
                      SactoDoug
                      CGN/CGSSA Contributor - Lifetime
                      CGN Contributor - Lifetime
                      • Oct 2013
                      • 2500

                      This whole thing seems dumb to me. Clients don't need certificates and it is even dumber that they would have a certificate shared by millions of other devices. The whole certificate system was set up to validate the identity of web sites. It does nothing to validate the identity of a client device because your client device is not registered individually with the certificate authority. Why should a web site care what certificate is on the device trying to connect to it? There is no security in presenting a shared certificate with millions of other devices.

                      An expired certificate on a web site is important because they are actually registered with the certificate authorities. That means the certificate authority no longer vouches for the site's authenticity. That does not happen with the consumer devices that are affected by this.
                      Block Google Tracking and Ads with a Raspberry Pi Hole

                      Comment

                      • #12
                        Robotron2k84
                        Senior Member
                        • Sep 2017
                        • 2013

                        Please go read up on how x.509 certificate chains work.



                        The root certificates validate that the server certificates presented are legitimate. The root certificates are public and reside on the device so they can’t easily be compromised. Without a valid root certificate, the web site certificates can’t be verified.

                        When the root certificates expire, all certificates that are signed with that root also expire, by default. That’s why new root certificates are required on the devices and all sites that were signed with the expired root have to obtain new signed certificates with a valid root.

                        The historical assumption that downloading updated root certificates, automatically, was subject to silent redirection and corruption of the trust chain is still a concern, today. That’s why root certificates have 10-20 year expirations and are pushed out only when absolutely necessary.

                        Comment

                        • #13
                          SactoDoug
                          CGN/CGSSA Contributor - Lifetime
                          CGN Contributor - Lifetime
                          • Oct 2013
                          • 2500

                          Originally posted by Robotron2k84
                          Please go read up on how x.509 certificate chains work.

                          Thanks for the link. So the root certificates are another key used to validate that the certificate authority signed the certificate in question. That makes a lot more sense than the explanation in the link of the OP. I am familiar with how the online certificate authorities validate certificates but did not know what role root certificates played in it.
                          Block Google Tracking and Ads with a Raspberry Pi Hole

                          Comment

                          • #14
                            Robotron2k84
                            Senior Member
                            • Sep 2017
                            • 2013

                            Comment

                            • #15
                              mrdd
                              Senior Member
                              • Jan 2009
                              • 2023

                              One of my machines partially broke yesterday evening. Took about 10 mins to update the certificate store with a new certificate. This was due to the https://letsencrypt.com guys, they are the ones who act as a certificate authority for a lot of websites out there. The problem was that one of their intermediate certificates was signed with a certificate that just ran out of time:

                              Code:
                              Certificate:
                                  Data:
                                      Version: 3 (0x2)
                                      Serial Number:
                                          44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
                                  Signature Algorithm: sha1WithRSAEncryption
                                      Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
                                      Validity
                                          Not Before: Sep 30 21:12:19 2000 GMT
                                          Not After : Sep 30 14:01:15 2021 GMT
                                      Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
                                      Subject Public Key Info:
                                          Public Key Algorithm: rsaEncryption
                                              Public-Key: (2048 bit)
                                              Modulus:
                                                  00:df:af:e9:97:50:08:83:57:b4:cc:62:65:f6:90:
                                                  82:ec:c7:d3:2c:6b:30:ca:5b:ec:d9:c3:7d:c7:40:
                                                  c1:18:14:8b:e0:e8:33:76:49:2a:e3:3f:21:49:93:
                                                  ac:4e:0e:af:3e:48:cb:65:ee:fc:d3:21:0f:65:d2:
                                                  2a:d9:32:8f:8c:e5:f7:77:b0:12:7b:b5:95:c0:89:
                                                  a3:a9:ba:ed:73:2e:7a:0c:06:32:83:a2:7e:8a:14:
                                                  30:cd:11:a0:e1:2a:38:b9:79:0a:31:fd:50:bd:80:
                                                  65:df:b7:51:63:83:c8:e2:88:61:ea:4b:61:81:ec:
                                                  52:6b:b9:a2:e2:4b:1a:28:9f:48:a3:9e:0c:da:09:
                                                  8e:3e:17:2e:1e:dd:20:df:5b:c6:2a:8a:ab:2e:bd:
                                                  70:ad:c5:0b:1a:25:90:74:72:c5:7b:6a:ab:34:d6:
                                                  30:89:ff:e5:68:13:7b:54:0b:c8:d6:ae:ec:5a:9c:
                                                  92:1e:3d:64:b3:8c:c6:df:bf:c9:41:70:ec:16:72:
                                                  d5:26:ec:38:55:39:43:d0:fc:fd:18:5c:40:f1:97:
                                                  eb:d5:9a:9b:8d:1d:ba:da:25:b9:c6:d8:df:c1:15:
                                                  02:3a:ab:da:6e:f1:3e:2e:f5:5c:08:9c:3c:d6:83:
                                                  69:e4:10:9b:19:2a:b6:29:57:e3:e5:3d:9b:9f:f0:
                                                  02:5d
                                              Exponent: 65537 (0x10001)
                                      X509v3 extensions:
                                          X509v3 Basic Constraints: critical
                                              CA:TRUE
                                          X509v3 Key Usage: critical
                                              Certificate Sign, CRL Sign
                                          X509v3 Subject Key Identifier:
                                              C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
                                  Signature Algorithm: sha1WithRSAEncryption
                                       a3:1a:2c:9b:17:00:5c:a9:1e:ee:28:66:37:3a:bf:83:c7:3f:
                                       4b:c3:09:a0:95:20:5d:e3:d9:59:44:d2:3e:0d:3e:bd:8a:4b:
                                       a0:74:1f:ce:10:82:9c:74:1a:1d:7e:98:1a:dd:cb:13:4b:b3:
                                       20:44:e4:91:e9:cc:fc:7d:a5:db:6a:e5:fe:e6:fd:e0:4e:dd:
                                       b7:00:3a:b5:70:49:af:f2:e5:eb:02:f1:d1:02:8b:19:cb:94:
                                       3a:5e:48:c4:18:1e:58:19:5f:1e:02:5a:f0:0c:f1:b1:ad:a9:
                                       dc:59:86:8b:6e:e9:91:f5:86:ca:fa:b9:66:33:aa:59:5b:ce:
                                       e2:a7:16:73:47:cb:2b:cc:99:b0:37:48:cf:e3:56:4b:f5:cf:
                                       0f:0c:72:32:87:c6:f0:44:bb:53:72:6d:43:f5:26:48:9a:52:
                                       67:b7:58:ab:fe:67:76:71:78:db:0d:a2:56:14:13:39:24:31:
                                       85:a2:a8:02:5a:30:47:e1:dd:50:07:bc:02:09:90:00:eb:64:
                                       63:60:9b:16:bc:88:c9:12:e6:d2:7d:91:8b:f9:3d:32:8d:65:
                                       b4:e9:7c:b1:57:76:ea:c5:b6:28:39:bf:15:65:1c:c8:f6:77:
                                       96:6a:0a:8d:77:0b:d8:91:0b:04:8e:07:db:29:b6:0a:ee:9d:
                                       82:35:35:10
                              Luckily, it was easy to fix on a desktop. It should not be legal to sell devices which cannot be updated by the end user. Otherwise, it serves as an easy way to set a date of obsolescence for a device.

                              Comment
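
An added example, not part of any post in this thread: a Python check that reads `openssl x509 -text` style output, like the dump in post #15, and reports which certificates fall outside their validity window at a given time. The second certificate in the sample and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample. The first entry copies the name and validity fields from
# the dump in post #15; the second certificate is made up for contrast.
SAMPLE_DUMP = """\
Certificate:
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Validity
            Not Before: Sep 30 21:12:19 2000 GMT
            Not After : Sep 30 14:01:15 2021 GMT
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
Certificate:
        Issuer: O=Example Trust, CN=Example Root CA
        Validity
            Not Before: Jan  1 00:00:00 2015 GMT
            Not After : Jan  1 00:00:00 2035 GMT
        Subject: O=Example Trust, CN=Example Root CA
"""

FIELD = re.compile(r"^\s*(Issuer|Subject|Not Before|Not After)\s*:\s*(.+?)\s*$")

def parse_time(text):
    """Parse OpenSSL's 'Sep 30 14:01:15 2021 GMT' (day may be space-padded)."""
    stamp = " ".join(text.split()).removesuffix(" GMT")
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def parse_dump(dump):
    """Split a text dump into one dict of fields per 'Certificate:' block."""
    certs = []
    for line in dump.splitlines():
        if line.strip() == "Certificate:":
            certs.append({})
        elif certs and (m := FIELD.match(line)):
            certs[-1].setdefault(m.group(1), m.group(2))
    return certs

def audit(dump, now):
    """Report each certificate's validity status at time `now` (aware UTC)."""
    report = []
    for c in parse_dump(dump):
        start, end = parse_time(c["Not Before"]), parse_time(c["Not After"])
        status = "expired" if now > end else "not yet valid" if now < start else "valid"
        # Issuer == Subject only means self-issued by name; no signature is checked.
        report.append({"subject": c["Subject"], "self_issued": c["Issuer"] == c["Subject"],
                       "status": status, "days_left": (end - now).days})
    return report
```

Calling `audit(SAMPLE_DUMP, datetime(2021, 10, 1, tzinfo=timezone.utc))` reports the DST Root CA X3 entry as expired and the constructed one as valid; the same parser accepts a full dump, since it ignores the lines it does not recognise.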
