
Thread: HTTPS not working properly on here

  1. #11
    Join Date
    Jan 2010
    Location
    Central VA
    Posts
    4,645

    There are indeed "SSL Strip" proxies; with proper firewall configuration, you can even make them transparent.

  2. #12
    Join Date
    Oct 2008
    Location
    Kamloops, BC, Canada
    Posts
    5,743
    Blog Entries
    44

    Quote Originally Posted by KC9UDX View Post
    What about TOR?
    That's just asking for problems.
    = Excellent space heater

  3. #13
    Join Date
    May 2003
    Location
    Back of Burke (Guday!), Australia
    Posts
    2,908

    Quote Originally Posted by mbbrutman View Post
    Staying logged in means that you are basically sending a cookie that indicates you are logged in each time you load a page. That cookie is enough to let you make posts under your identity. So while not as bad as sending a password, it's still pretty bad - somebody can impersonate you with just the cookie.

    Any machine that sees that request packet can see the cookie. That includes your ISP and anybody sniffing packets if you are using an open WiFi hotspot. Even if you just load a page from this forum while "logged in" without sending the password, you have just given somebody what they need to impersonate you. Sending a password is slightly worse, unless you reuse passwords across multiple forums - then you are really playing with fire.

    The short story is that ranting about HTTPS seems to be uninformed. We're not going to break old machines and browsers. But we will encourage people to do their normal activities here using SSL to minimize the risk. And everybody should understand what the risk is and mitigate it properly.
    That's disturbing news. I have got a WiFi Device, though I keep it disabled.

  4. #14
    Join Date
    Mar 2011
    Location
    Atlanta, GA, USA
    Posts
    1,477

    Quote Originally Posted by mbbrutman View Post
    The short story is that ranting about HTTPS seems to be uninformed. We're not going to break old machines and browsers. But we will encourage people to do their normal activities here using SSL to minimize the risk. And everybody should understand what the risk is and mitigate it properly.
    My password is 'mikebizsexyazhel'. Is that secure?
    "Good engineers keep thick authoritative books on their shelf. Not for their own reference, but to throw at people who ask stupid questions; hoping a small fragment of knowledge will osmotically transfer with each cranial impact." - Me

  5. #15

    I can see that we should be looking into other types of security too ...

  6. #16

    Quote Originally Posted by glitch View Post
    There are indeed "SSL Strip" proxies; with proper firewall configuration, you can even make them transparent.
    Most corporates do this and re-sign with a self-signed certificate. IMHO TLS should be somehow evolved to prevent this.
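
The login-cookie exposure and the "SSL Strip" downgrade discussed in this thread can both be checked from a site's response headers. The following is an added example, not part of any post here and not this forum's code: it flags session cookies without `Secure`/`HttpOnly` and a missing or short HSTS policy. The cookie name `sessionhash`, the sample headers and the 180-day threshold are assumptions made for illustration.

```python
# Added example: audit response headers for the two risks raised in the thread.
# All header values below are constructed samples, not captured from any site.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, dict of lowercase attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
    return name, attrs

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        k, _, v = directive.strip().partition("=")
        if k.strip().lower() == "max-age":
            v = v.strip().strip('"')
            return int(v) if v.isdigit() else None
    return None

def audit(headers, min_hsts=15552000):  # 180 days, an assumed policy threshold
    """headers: list of (name, value) from an HTTPS response. Returns findings."""
    findings, hsts = [], None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cname, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"{cname}: no Secure, also sent over plain HTTP")
            if "httponly" not in attrs:
                findings.append(f"{cname}: no HttpOnly, readable by page scripts")
        elif lname == "strict-transport-security":
            hsts = hsts_max_age(value)
    if hsts is None:
        findings.append("no valid HSTS header, HTTP downgrade not blocked")
    elif hsts < min_hsts:
        findings.append(f"HSTS max-age {hsts}s is below {min_hsts}s")
    return findings

SAMPLE_WEAK = [("Set-Cookie", "sessionhash=abc123; path=/"),
               ("Content-Type", "text/html")]
SAMPLE_HARDENED = [("Set-Cookie", "sessionhash=abc123; Path=/; Secure; HttpOnly"),
                   ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(hdrs))
```

HSTS only protects browsers that have already seen the header over a valid HTTPS connection, so it does not cover a first visit made over plain HTTP.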
