From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Bill Ricker
On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri richard.pi...@gmail.com
wrote:
Nutshell version: pinning is what SSH has been doing with host keys since
the get-go.
On 11/12/2014 12:02 AM, Bill Ricker wrote:
( Can't imagine why this wasn't done day 1 for HTTPS also unless they
thought the initial set of CAs would have indefinite oligopoly. )
Simple: Netscape designed SSL to be easily compromised by federal
authorities. They did it that way instead of
For example:
http://arstechnica.com/security/2014/11/darkhotel-uses-bogus-crypto-certificates-to-snare-wi-fi-connected-execs/
--
Rich P.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
On 11/8/2014 7:57 PM, Bill Ricker wrote:
Then time to read up on Certificate Pinning (really CA pinning).
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
Nutshell version: pinning is what SSH has been doing with host keys
since the get-go.
--
Rich P.
On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri richard.pi...@gmail.com wrote:
Nutshell version: pinning is what SSH has been doing with host keys since
the get-go.
Yes, that.
( Can't imagine why this wasn't done day 1 for HTTPS also unless they
thought the initial set of CAs would have
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Edward Ned Harvey
(blu)
Additionally, if you get on the network and want to attack another client on
the same wifi connection, there's an awful lot of broadcast traffic exposure
On 11/8/2014 5:29 PM, Edward Ned Harvey (blu) wrote:
If you don't have the password to some network, the key is derived
using pbkdf2 with 4096 iterations. This means a single cpu core can
guess around 36 guesses per second.
Pyrit w/ coWPAtty on a dual RADEON HD 69xx series can exhaustively
On Thu, Nov 6, 2014 at 6:54 PM, Edward Ned Harvey (blu) b...@nedharvey.com
wrote:
tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
far. Rest of HTTPS not as much.
I'm not following you here.
Then time to read up on Certificate Pinning (really CA pinning).
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne
I've tried two different vpn apps (avast surf easy) and both really
sucked. If I have some free time I might try rolling up an openvpn
server this weekend.
Ned -
Your comments on WiFi encryption and Insecurity of DNS are right on.
But ..
If you're connecting to secure services, then your traffic is secure, even on
the unencrypted wifi.
Maybe. Maybe not.
tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
far. Rest of HTTPS not
So you're concerned about people near you sniffing your wifi traffic. You
think wifi encryption will help. You're wrong, because #1 everyone near you
knows the password anyway. So even with wifi encryption, they can still sniff
your traffic.
I do not think that is accurate. Probably nobody
Edward Ned Harvey (blu) wrote:
Eric Chadbourne wrote:
Using unencrypted wifi just seems insane.
Oh. THAT is what you're concerned about? That's a little bit
insane, because nevermind the wifi near you, your traffic goes across
the whole internet. ... if you're connecting to insecure
From: Bill Ricker [mailto:bill.n1...@gmail.com]
tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
far. Rest of HTTPS not as much.
I'm not following you here.
If the hacker with control of the WiFi AP is working for an
organization with control of any of the many Root CA
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne
I do not think that is accurate. Probably nobody around me knows my wifi
password. Cracking wifi is hard. Not like it used to be. Try it sometime.
In the old
From: Tom Metro [mailto:tmetro+...@gmail.com]
WPA-PSK and WPA2-PSK encrypt everything with per-client, per-session
keys, but those keys are derived from the Pre-Shared Key (the PSK; the
key you have to know to get on the network) plus some information
exchanged in the clear when the
On 11/04/2014 08:01 PM, Richard Pieri wrote:
On 11/4/2014 7:40 PM, Eric Chadbourne wrote:
How do I really know it's them and how do they really know it's
me? I'm scared. Can you make me feel better? ;)
SSL certificate are 100% reliable. (read: You don't.)
There's nothing to worry about.
I just signed up for comcast internet with the wifi package. Nice and
fast, no complaints. I noticed that if I sign a device into
'xfinitywifi' it stays signed in. For example I sign in at my house in
Quincy and while switching trains at Part St I notice I'm still signed
in to the
On 11/4/2014 7:40 PM, Eric Chadbourne wrote:
How do I really know it's them and how do they really know it's
me? I'm scared. Can you make me feel better? ;)
SSL certificate are 100% reliable. (read: You don't.)
There's nothing to worry about. (read: You should be.)
Don't worry, be happy.
18 matches
Mail list logo
