- Mar 24, 2017
- 481
Hello all,
It started with this post from Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI that talks about your root CAs.
Does anyone here have any advice on what root CAs that I can remove from my system without any issues? Is there an easy way to find and remove revoked CAs?
Thank you
It started with this post from Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI that talks about your root CAs.
HTTPS/443 needs a root CA on the device to effectively be intercepted. When we run intercepts for corporations as directed to do this via their legal department, we take our self generated RCA and implant it on the PC. Once our self generated RC is installed we can peel apart ALL of their 443 traffic without them having any knowledge of it. Spooks have been known to do this, or exploit an issued CA, etc. Which is why you need to always 'mind the store' with your CA's or you can get into some trouble. I wonder how many people reading this still have the revoked Equifax Trusted Root CA on their PC's? Go check, I bet you do. Which means you aren't minding your CA's.
Does anyone here have any advice on what root CAs that I can remove from my system without any issues? Is there an easy way to find and remove revoked CAs?
Thank you