Re: [AFMUG] OT: Google knows

Sun, 26 Feb 2017 13:50:19 -0800

I don't know if this is relevant or not, but if you're using a later-version Android (Lollypop or later), there is a built-in "WiFi Assistant" that gives you a more-or-less VPN to the cloud. It's not end to end, but it at least protects you from local WiFi hackers. 

bp
<part15sbs{at}gmail{dot}com>

On 2/26/2017 1:10 PM, Ken Hohhof wrote:



This latest security issue involving Cloudflare’s reverse proxies has 
confused me regarding encryption, HTTPS, etc.



I think they are saying that Cloudflare was offloading/accelerating 
SSL from their clients webservers, and a Cloudflare bug was leaking 
information via webpages. Normally you would think the data would be 
encrypted at that point, but evidently not, given the way the reverse 
proxy works.



Every expert seems to be saying we should change our passwords for the 
affected websites and that will fix everything.  I’m not following the 
logic.  Cloudflare leaked our private transactions, and search engines 
cached the leaked data, how does changing our password fix any of 
that?  The only good news seems to be that Google discovered the bug, 
informed Cloudflare, who fixed the bug and got search engines to 
delete most of the cached pages.  And they did it quickly and probably 
before it was exploited.



But now that we have Cloudflare and AWS and CDNs, the simple model in 
my brain of encrypted browser-webserver communication seems obsolete.  
We used to talk about man-in-the-middle attacks, but it seems like now 
there are usually a bunch of men in the middle because that’s how the 
web works.  And if the webserver is delegating SSL to the men in the 
middle, things might not be as secure as we think.


*From:*Af [mailto:[email protected]] *On Behalf Of *Josh Luthman
*Sent:* Sunday, February 26, 2017 2:54 PM
*To:* [email protected]
*Subject:* Re: [AFMUG] OT: Google knows


Wait you're comparing encrypted iMessages to Android SMS text 
messages.  Not exactly the same thing.



If you're comparing iMessage SMS to Android SMS, I fully expect 
everyone's reading them.



If you're comparing iMessage/Hangouts encrypted messages, those are 
encrypted and unable to be read.



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Sat, Feb 25, 2017 at 2:00 PM, Travis Johnson <[email protected] 
<mailto:[email protected]>> wrote:


    Nope... iMessage is encrypted and not even Apple can read the
    messages.

    Travis

    On 2/25/2017 11:47 AM, Bill Prince wrote:

        Just like iMessage and Siri.


        bp
        <part15sbs{at}gmail{dot}com>

        On 2/25/2017 8:12 AM, Travis Johnson wrote:

            Now Google will be reading all of your text messages as
            well... if you use an Android phone that is... LOL

            
https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/


            Travis



























					Reply via email to