Yes, the argument presented in this article was extremely weak. Here’s a much better argument. According to Roger Grimes at Knowbe4.com: 80% of all phishing sites — specifically sites that
are the destination for links in phishing emails — use LetsEncrypt certificates. Think about the implications of that. In my organization, I can stop 80% of all phishing attacks in my
organization by revoking the trust of the LetsEncrypt Intermediate CAs (since the browsers will display a huge warning to my users). If you work in a large organization and have to protect
it from phishing attacks, you immediately understand that this is a REALLY big deal and a HUGE opportunity! Very few, if any, legitimate sites that our users need to do business with will
use a LetsEncrypt certificate. Negative business impact is absolutely minimal. Positive impact is unmeasurable. How’s that for a value proposition? Still think LetsEncrypt is a good idea? If
so, I would guess you really don’t comprehend the problem organizations face in fighting phishing, or you don’t care about anyone that you personally know being affected by phishing.
LetsEncrypt substantially lowers the barrier for threat actors to get past basic web browser security verifications. It was a great idea that backfired in a tremendously terrible way. Just
like URL shortening.