The Black Vault Message Forums

Discover the Truth!        

Information Technology / Computer Talk

https means nothing

A forum where you can view tech and computer related articles and exchange tips and advice. Need help with a computer problem? This is the forum for you!

Postby SigFLUP » Mon Nov 16, 2009 12:46 am

You fellas probably should know that ssl has been largely broken for some months. Mainly by this guy named moxie marlinspike. Here where he talks about how it's done.
AUDIO LINK

Mostly renders ssl useless, so don't trust your certificates authority. Don't do on-line banking and don't send sensitive information over the wires like credit-card numbers. ssl is now broken and this is an interesting panel you should listen to it.
User avatar
SigFLUP
 
Posts: 9
Joined: Thu Nov 12, 2009 10:05 pm

Postby mrmonsoon » Tue Oct 05, 2010 8:13 am

For those less computer knowledgeable....

HTTPS:Hyper Text Transfer Protocol Secure

This is supposed to add a layer of security for doing things like online purchases and such.

What the OP means is that as far as security is concerned, it is a big failure.

Hackers have gotten into HTTPS and SSL so they are no longer secure.
mrmonsoon
 
Posts: 90
Joined: Sun Oct 03, 2010 4:40 pm

Postby chrisv25 » Mon Dec 20, 2010 6:05 pm

this is what i do for a living (A+, N+, cisco, MSCP) and i hate to tell you...

There is a fundamental flaw in internet architecture that make any site vulnerable to a man in the middle attack no matter how well encrypted or secured or tied up with a pretty bow :) this includes ARPANET, MILnet, and just about any WAN. if you want secure return to Minitel or a BBS system.

this 'flaw' will continue to be a problem until the router hash table system is dumped for something slower but more secure...personally I think the NSA and NRO put it there on purpose, but that's just speculation on my part.

But the truth is that none of us are likely targets for stealing our account info. We just don't matter that much.
chrisv25
 
Posts: 176
Joined: Mon Dec 20, 2010 3:05 am

Postby sandra » Wed Jan 05, 2011 12:16 am

Interesting information.
Its a good thing that when I do online purchasing I never
use a major credit card. I add funds
to a debit for the exact amount of the transfer.
“Living backwards!” Alice repeated in great
astonishment. “I never heard of such a thing!”
“—but there’s one great advantage in it, that one’s
memory works both ways.”
— Lewis Carroll, Through the Looking-Glass
User avatar
sandra
 
Posts: 3704
Joined: Fri Dec 04, 2009 6:27 pm
Location: Minnesota US

Postby CodeBlackv2 » Sun May 29, 2011 7:36 pm

Registering "*<null>mydomain.com" creates a certificate that is a valid substitute for every site on the net? Cooooooool! Money, money, money, money.
"I wish I had some loftier goal, but in the end it's the money." -Speed
"It's not about the money. It's about the money." -my doctor

I'm watching The Italian Job. That was about the money. Next up, Oceans 11, Entrapment and Die Hard.
User avatar
CodeBlackv2
 
Posts: 418
Joined: Wed Jul 28, 2010 7:29 pm


Return to Information Technology / Computer Talk

  • View new posts
  • View unanswered posts
  • Who is online
  • In total there are 0 users online :: 0 registered, 0 hidden and 0 guests (based on users active over the past 10 minutes)
  • Most users ever online was 292 on Mon Apr 23, 2012 3:19 pm
  • Users browsing this forum: No registered users and 0 guests