My personal conspiracy theory is that root CAs have long been compromised somehow, but the government(s) that holds the keys can't risk letting that secret out as evidence in any court case so they must keep the knowledge secret until something bad enough happens that they could risk letting it be known.
... what? How the hell does a CA let that slip?
Welcome to the age when the only correct infra is the one you self-host.
CAs are like BGP, it's trust me bro all the way down
the case demonstrates the “single point of failure” vulnerability in the certificate authority ecosystem
From what I see in the article it seems it's a classic case of Croatian public sector IT being incompetent. But it doesn't seem to be that big of an issue. They were only created for internal testing and were immediately revoked. It's still not good, but the opportunity for exploit here to me seems extremely low.