[spam][crazy][fiction][random] Non-Canon MCBoss Spinoffs

Undescribed Horrific Abuse, One Victim & Survivor of Many gmkarl at gmail.com
Sun Oct 22 12:19:08 PDT 2023


a few years ago there was news like the german/russia mitm involving false certs
again, the recommendation was to use certificate transparency (a
post-2013 tech) more thoroughly

it's hard for me to do that as i don't tend to have secure systems,
compromises could be integrated along the path.

-

i was thinking a little of this mitm, and my own experiences of having
even new devices become quickly compromised (a scary thing), what if
it is even just shortly after boot ... how would this be done?

well, this example shows the attackers simply registered new
certificates using normal certificate authorities. for example, with
letsencrypt, if you have physical access to the target's routing
infrastructure, i imagine you can simply spoof their server to get
falsified certificates for it that any system would verify.

such a technique would be greatly helpful in compromising new devices
purchased by a target. if you had certificates for things that would
let you access it.

often i think, how can i verify certificates if my devices could be
compromised? [some amnesia confusion here]

but i think there's a little interestingness -- maybe certificate
compromises could be part of how the devices are compromised.

the reason is i've gotten some weird certs over the years, for example
changing every week or something

it gives a potential avenue for finding a little security, having
something to think about.

