On Tue, Sep 17, 2013 at 3:57 PM, Nick Daly <nick.m.d...@gmail.com> wrote:
> If your destinations are using SSL (like they should) MITM is less of > an issue. The lovely HttpsEverywhere Firefox/Iceweasel extension > makes this as simple as possible (and should definitely be installed > on any client device). Both SSL/TLS itself and HTTPS Everywhere https://www.eff.org/https-everywhere are definitely worth using, but neither necessarily gives much resistance to MITM (man-in-the-middle) attacks. http://en.citizendium.org/wiki/Man-in-the-middle_attack MITM involves the attacker posing as someone else. The defense is cryptographic authentication that lets you be certain you are talking to the real server, not an impostor. SSL/TLS uses x.509 certificates for authentication, and that is not a reliable mechanism. My Firefox default installation trusts more than 100 certificate authorities. Some of those are controlled directly by governments seriously opposed to FBox goals -- China, Syria, ...Others might be leaned on by various governments, in particular some of the largest are US companies. Some have admitted selling bogus certs which let a company monitor its employees web use to protect "intellectual property" and corporate security. If that, why not sell to a national security organisation? Some have been broken into. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss