|
moonshine is...... posted:Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic?

half the point of a VPN is that the traffic between you and the server is encrypted
|
# ? Mar 24, 2017 19:48 |
|
Truga posted:Disgusting abuse of your power! You are punishing 30,000 websites, 99.9%+ of whom are completely legitimate, in order to exact revenge against Symantec. However: screwing over 30,000+ innocent bystanders IS NOT THE WAY TO DO IT. The startcom issue was just one naughty certificate; the destruction of all startcom user websites (including mine) was a decision google made to punish startcom for lying about their business relationship with wosign. This severely hurt huge numbers of innocent bystanders again, caused irrevocable damage (no other CA offers unlimited wildcard SANs) and massive costs (startcom were 10x+ less expensive than the greedy big American CAs ripping us all off $millions for nothing more than a few DNS lookups and crypto operations). I'm not supporting Symantec, and not supporting startcom either. I'm asking that you figure out who the bad guy is, and stop punching us instead of them. The Google fist is a one-punch killer. Be ***responsible*** with how you wield that power. Execute just bad guy, don't commit genocide!!!
|
# ? Mar 24, 2017 19:50 |
moonshine is...... posted:Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic?
|
|
# ? Mar 24, 2017 19:51 |
|
Wiggly Wayne DDS posted:Execute just bad guy, don't commit genocide!!!

Security Fuckup Megathread - v13.4 - digital genocide
|
# ? Mar 24, 2017 19:54 |
|
Wiggly Wayne DDS posted:I fail to see anything relevant you've said? Yes - we are all mad at Symantec, and random google vigilante-employees want to cause extreme pain and damage to that company: fair enough.
|
# ? Mar 24, 2017 19:55 |
|
Touche. I was not thinking through that clearly.
|
# ? Mar 24, 2017 20:00 |
|
of course the real question is how to find a VPN you can trust
|
# ? Mar 24, 2017 20:10 |
|
yeah, you're basically trusting that your vpn provider, or the vps host you use if you roll your own, is not selling your traffic instead

some rando eastern european outfit offering service for $3/mo. is probably not going to be particularly well vetted
|
# ? Mar 24, 2017 20:14 |
|
You know what would be great, if we used the government to pass a law that forbade providers from doing that...wait a minute.
|
# ? Mar 24, 2017 20:21 |
|
moonshine is...... posted:Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic?

I (very likely) could be wrong, but wouldn't using a non-your-isp dns server get around this? I use opendns' public servers and was hoping it would protect me since they wouldn't see my dns queries which are the most likely first thing anyone would look at. they can still get records from opendns, but it makes it a little harder since it's a separate warrant and may not even apply as opendns is not an isp, just a dns service.
|
# ? Mar 24, 2017 20:25 |
|
Wiggly Wayne DDS posted:The startcom issue was just one naughty certificate; the destruction of all startcom user websites (including mine) was a decision google made to punish startcom for lying about their business relationship with wosign.

how dare google remove trust from a company whose only product is certificate trust for the totally irrelevant reason of them lying, it must just be for petty business reasons i literally cannot see anything else wrong here
|
# ? Mar 24, 2017 20:26 |
|
stoopidmunkey posted:I (very likely) could be wrong, but wouldn't using a non-your-isp dns server get around this? I use opendns' public servers and was hoping it would protect me since they wouldn't see my dns queries which are the most likely first thing anyone would look at.

they can see your IP addresses that you're connecting to which is just as good for basically all the sites that matter

e: oh you mean over the VPN? yeah generally you use a different DNS server than your ISP's if you're going over a VPN for that reason
|
# ? Mar 24, 2017 20:28 |
|
"it's just metadata" you got a call from the sexual wellness centre, then you called your doctor, a divorce lawyer, the suicide hotline twice and a realtor but we don't know what you talked about so it's ok rightttttttt
|
# ? Mar 24, 2017 20:29 |
|
Wiggly Wayne DDS posted:I'm asking that you figure out who the bad guy is, and stop punching us instead of them. The Google fist is a one-punch killer. Be ***responsible*** with how you wield that power. Execute just bad guy, don't commit genocide!!!

symantec can't tell a bad cert from not-bad certs because the flaws were one in execution of process, not a technical issue. symantec literally can not pull just the bad certs because they didn't keep track of the process that was going wrong. symantec keeps loving up, so it's time to drop the hammer.
|
# ? Mar 24, 2017 20:30 |
|
ate all the Oreos posted:they can see your IP addresses that you're connecting to which is just as good for basically all the sites that matter

i don't know the current state of dns encryption so it's also possible they could just read your DNS queries (unless you send those over your VPN)
|
# ? Mar 24, 2017 20:36 |
|
McGlockenshire posted:symantec can't tell a bad cert from not-bad certs because the flaws were one in execution of process, not a technical issue. symantec literally can not pull just the bad certs because they didn't keep track of the process that was going wrong. symantec keeps loving up, so it's time to drop the hammer.

Let's look at the big picture here: it's highly unlikely that even one single Symantec cert will ever cause harm to anyone. But that's not the point: Attacking a teeny minority of PERFECTLY HONEST websites because you disagree with their CA's procedures is not about protecting users. It's about punishing Symantec but causing their customers the greatest amount of pain possible. Zero customers need to hurt here. If google wanted - they could make Symantec fix the problem. The argument is over issuance procedures: make them RE DO those procedures in an audited and compliant way. Problem fixed: no collateral damage caused. It appears like someone does not want to do that though: they want to cause the maximum pain, and are disguising their vindictive attack under the fake banner of "protect users". However: screwing over 30,000+ innocent bystanders IS NOT THE WAY TO DO IT. Look in a mirror: that's an evil bully staring back at you. You know full well this can be fixed without hurting customers, if google wanted to.
|
# ? Mar 24, 2017 20:37 |
|
this is an e-mail a colleague got
|
# ? Mar 24, 2017 20:39 |
|
Wiggly Wayne DDS posted:Hard to tell if you're just trolling now.

lol
|
# ? Mar 24, 2017 20:40 |
OSI bean dip posted:this is an e-mail a colleague got

Dear Sales Representative,
No.
Yours faithfully,
OSI beanless chili.
|
|
# ? Mar 24, 2017 20:40 |
|
vOv posted:i don't know the current state of dns encryption so it's also possible they could just read your DNS queries (unless you send those over your VPN)

that's what i meant, you use a DNS server over the VPN, generally the VPN will provide you with one or just say use 8.8.8.8 or something
|
# ? Mar 24, 2017 20:52 |
|
OSI bean dip posted:this is an e-mail a colleague got

do you like me
[ ] yes
[ ] no
|
# ? Mar 24, 2017 20:52 |
|
flakeloaf posted:do you like me

literally what i thought
https://twitter.com/afreak/status/845362545514897409
|
# ? Mar 24, 2017 21:00 |
|
OSI bean dip posted:this is an e-mail a colleague got

Dear Mr. REDACTED NAME:
Attached is an email that I received on March 24, 2017. I feel that you should be aware that some rear end in a top hat is signing your name to stupid spam emails.
Very truly yours,
OSI bean dip
|
# ? Mar 24, 2017 21:07 |
|
moonshine is...... posted:Regarding the whole ISP's selling browsing history etc, I'm seeing a lot of people recommend a VPN as a solution. What keeps the ISP from just MITMing your traffic?

vOv posted:of course the real question is how to find a VPN you can trust

infernal machines posted:yeah, you're basically trusting that your vpn provider, or the vps host you use if you roll your own, is not selling your traffic instead

I've been thinking about setting something up for my home network, but wondering if it is going to be too much trouble. What is wrong with this approach:
1. Algo setup on DO or GCE
2. Edgerouter setup as a VPN gateway between cable modem and wifi router
This way I don't need to worry about setting up individual VPNs on each of my devices and can just not have to worry about this stuff.
|
# ? Mar 24, 2017 21:10 |
|
get 5 bux for re-enabling flash lol
|
# ? Mar 24, 2017 21:13 |
|
lol always allowed to run not even click to run
|
# ? Mar 24, 2017 21:19 |
|
BiohazrD posted:never heard of them, $8 a year is crazy. im using LE for my home certs but if i wasnt....

all that matters is that starfield is a root cert CA that's in every browser, and they can issue wildcards for $50/yr
|
# ? Mar 24, 2017 21:32 |
|
akadajet posted:get 5 bux for re-enabling flash lol
|
# ? Mar 24, 2017 22:20 |
|
akadajet posted:get 5 bux for re-enabling flash lol
|
# ? Mar 24, 2017 22:26 |
|
i think i successfully convinced my boss to install our wildcard ssl certificate on our corporate domain. he doesn't agree that things should be secure by default, but it's a wordpress instance and the login for it is unencrypted. unfortunately it looks like rackspace requires you to pay $20/month for the privilege of turning ssl on so i don't think it's going to pass bikeshedding.
|
# ? Mar 24, 2017 23:23 |
|
Wiggly Wayne DDS posted:Hard to tell if you're just trolling now.

Source your quotes
|
# ? Mar 24, 2017 23:40 |
|
apseudonym posted:Source your quotes

https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/PirZbp-cCQAJ
|
# ? Mar 24, 2017 23:44 |
|
on that same box with the MD5 password i noticed the SSL cert had expired earlier this year so i was going to renew it. it's running Jetty and keeps its certs in a keystore, i go into the config file to see if it keeps the keystore password there and see what looks like a hash but is really just "obfuscated" like not even reversibly encrypted, obfuscated. like fourth google result was a tool that undoes it: https://github.com/arthepsy/deobf/blob/master/jetty.obf.py might as well have just base64'd it, like what's the loving point
|
# ? Mar 25, 2017 00:19 |
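
Added example, not part of the post above and not Jetty's own code: a small Python audit that flags stored Jetty credentials by value prefix, because an `OBF:` value is reversible without any key, as the post describes. The sample config and the names `audit` and `classify` are constructed for illustration; `OBF:`, `MD5:` and `CRYPT:` are the prefixes Jetty's password handling recognises.

```python
import re

# Value prefixes recognised by Jetty's password handling, and what each is worth.
SCHEMES = {
    "OBF": "reversible without a key: treat as plaintext",
    "MD5": "unsalted digest: verification only, cheap to guess offline",
    "CRYPT": "Unix crypt digest: verification only, weak by current standards",
}
# <Set name="...">value</Set> in Jetty XML, and key=value / "user: value" in properties files.
XML_RE = re.compile(r'<(?:Set|Arg)\b[^>]*name="([^"]+)"[^>]*>\s*([^<\s]+)\s*</')
PROP_RE = re.compile(r"^\s*([\w.\-]+)\s*[=:]\s*(\S+)\s*$")

# Constructed sample config, not taken from the post.
SAMPLE = """\
# constructed sample
jetty.sslContext.keyStorePassword=OBF:1abc1def1ghi
jetty.sslContext.keyManagerPassword=changeit
jetty.ssl.port=8443
<Set name="TrustStorePassword">OBF:1xyz1uvw</Set>
admin: MD5:0123456789abcdef0123456789abcdef,admin
"""

def classify(value):
    """Return the scheme of a stored value, or PLAINTEXT when it has no known prefix."""
    scheme, sep, rest = value.partition(":")
    return scheme if sep and rest and scheme in SCHEMES else "PLAINTEXT"

def audit(text):
    """Return (line_no, key, scheme, note) for every stored credential found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = XML_RE.search(line) or PROP_RE.match(line)
        if not m:
            continue
        # Realm entries append role names after a comma; keep only the credential.
        key, value = m.group(1), m.group(2).split(",")[0]
        scheme = classify(value)
        if scheme == "PLAINTEXT":
            if "password" not in key.lower():
                continue  # ordinary setting such as a port number
            note = "stored in the clear"
        else:
            note = SCHEMES[scheme]
        findings.append((no, key, scheme, note))
    return findings

if __name__ == "__main__":
    for no, key, scheme, note in audit(SAMPLE):
        print(f"line {no}: {key} [{scheme}] {note}")
```

A keystore password has to be recoverable by the server, so a digest cannot be used there; the practical control for an `OBF:` or plaintext value is restricting who can read the config file.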
|
quote:At Symantec, we are proud to be one of the world’s leading certificate authorities. We strongly object to the action Google has taken to target Symantec SSL/TLS certificates in the Chrome browser. This action was unexpected, and we believe the blog post was irresponsible. We hope it was not calculated to create uncertainty and doubt within the Internet community about our SSL/TLS certificates.
|
# ? Mar 25, 2017 00:48 |
|
You are, of course, entitled to your opinion.
|
# ? Mar 25, 2017 01:44 |
|
anthonypants posted:rackspace requires you to pay $20/month for the privilege of turning ssl on

hahaha what the gently caress
|
# ? Mar 25, 2017 02:16 |
|
my goth gf posted:hahaha what the gently caress

probably charging for assigning a public ip
|
# ? Mar 25, 2017 02:27 |
|
CrazyLittle posted:probably charging for assigning a public ip
|
# ? Mar 25, 2017 02:31 |
|
also i posted this in the grey sec thread and people think it belongs here so here it is again

anthonypants posted:I was having trouble setting up RANCID, and their documentation sucks rear end, so I thought I'd look at alternatives, and came across rConfig. It has a native web interface, and my coworkers hate Linux, so I thought I'd give it a look. Here's a few problems:
|
# ? Mar 25, 2017 03:01 |
|
Security Fuckup Megathread - v13.4 - echo -ne '############# (66%)\r'
|
# ? Mar 25, 2017 03:23 |