Posted by smartypants

Coding defects in SSL chain logic make these 2001 "almost immortal" root certs very problematic after Sept 30, 2021.

If you read all the info you will see how this is a huge problem, especially for devices and OS images that have been turned off, dormant for 2 years, or incapable of kernel-level OS updates.

Arrrrrrrrgh!!!! Idiocy.

Solution is never mentioned EVER, by any of these low IQ IT writers, but the trick I use is to disable all external clock updates, force time to BEFORE Sept 2021, and then connect to the internet and patch or install signed patches... with clock set invalid.

Android 7 ? fucked
Android 6 ? fucked
Android 5 ? fucked
Older iOS? fucked
everything in your house with little WiFi chips? fucked.

10% of Earth's devices are fucked, especially for remote updates.

THESE are all fucked, deep in OS :

  • Windows XP SP2
  • Windows XP SP1
  • Windows XP SP3 if Automatic Root Certificate Update is manually disabled
  • macOS 10.12.0 (2016) and older macOS
  • Mac OSX 10.11.0 (September 30, 2015) and older Mac OSX
  • iOS 9 on iPads
  • iOS 8 or older on iPads
  • iPhone 4 or older (millions of old Apple devices used as WiFi browsers and phones)
  • (iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X)
  • Android 7.1.0 or older for SOME functions.
  • (Android >= 2.3.6 will work by default for some web sites, but SSL is not just for web sites)
  • Mozilla Firefox 49.X or older
  • Ubuntu < xenial (< 16.04 even with updates applied)
  • Debian < jessie "8" (even with updates applied)
  • Java 8 ? if hacked to 8u141 is OK, else Java 8 is fucked
  • Java 7 ? if hacked to 7u151 is OK, else Java 7 is fucked
  • NSS < 3.26 is fucked

This mainly affects poor people and Pajeets and Africans, but a year ago affected Roku and Stripe internet devices, so who knows what spy devices in your house all fail october 1st.
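
A simplified model of the chain-logic problem described in the post above, as an added example that is not part of the original post. All certificate names and all dates except the Sept 30 2021 expiry are constructed, and signature checks that real X.509 path validation performs are omitted.

```python
from datetime import date

OLD_ROOT_EXPIRY = date(2021, 9, 30)  # expiry date taken from the post

# Constructed sample chain as a server might send it: (subject, issuer, not_after).
# The last entry is a cross-signature of the new root by the old 2001 root.
SENT_CHAIN = [
    ("example.test", "Intermediate CA", date(2022, 1, 1)),
    ("Intermediate CA", "New Root", date(2025, 1, 1)),
    ("New Root", "Old Root 2001", OLD_ROOT_EXPIRY),
]

# Constructed trust stores: anchor name -> not_after.
UPDATED_STORE = {"Old Root 2001": OLD_ROOT_EXPIRY, "New Root": date(2035, 1, 1)}
STALE_STORE = {"Old Root 2001": OLD_ROOT_EXPIRY}  # device that never received the new root


def naive_validate(chain, store, now):
    """Defective logic: always walks the full sent chain to its last issuer."""
    for _subject, _issuer, not_after in chain:
        if now > not_after:
            return False  # fails on the expired cross-signature
    anchor_expiry = store.get(chain[-1][1])
    return anchor_expiry is not None and now <= anchor_expiry


def robust_validate(chain, store, now):
    """Stops at the first unexpired trust anchor found along the chain."""
    for _subject, issuer, not_after in chain:
        if now > not_after:
            return False
        anchor_expiry = store.get(issuer)
        if anchor_expiry is not None and now <= anchor_expiry:
            return True  # shorter path to a valid anchor; ignore the rest
    return False


if __name__ == "__main__":
    for label, now in (("before expiry", date(2021, 9, 1)), ("after expiry", date(2021, 10, 1))):
        print(label,
              "| naive+updated store:", naive_validate(SENT_CHAIN, UPDATED_STORE, now),
              "| robust+updated store:", robust_validate(SENT_CHAIN, UPDATED_STORE, now),
              "| robust+stale store:", robust_validate(SENT_CHAIN, STALE_STORE, now))
```

In this model the defective validator fails after the expiry even though the new root is already in its store, and a device whose store holds only the old root fails with either validator, which is why only a clock set before the expiry makes validation pass there.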



dontvisitmyintentions said

So you're saying that old Androids and Kindles can't phone home? Sounds pretty great.


Strangeways said

Let me create a reminder to respond to you on Oct 1.


TallestSkil said

This will not be the first time a root CA certificate has expired and I imagine it will follow the same trend as previous expirations where things break.

Translation: literally nothing is happening nor will ever happen, since they’re simply going to reissue the certificate with a new date of expiry. Like every other certificate ever.


Fisuxcel said

Phew... my backup phone has Android 8