Re: Secure Transactions

2014-09-01 Thread Tod Merley
Thanks for the spoof response Heinz! So let's say I do see a wrong fingerprint. As in ghost busting who am I gonna call!? On Sun, Aug 31, 2014 at 10:53 PM, Heinz Diehl htd...@fritha.org wrote: On 01.09.2014, jd1008 wrote: As I said, the caveat of all add-ons is that they are just as

Re: Secure Transactions

2014-09-01 Thread Heinz Diehl
On 01.09.2014, Tod Merley wrote: So let's say I do see a wrong fingerprint. As in ghost busting who am I gonna call!? The person(s) who is/are responsible for the bank/netshop whatever you're trying to communicate with. In most cases, they could connect you with whoever operates the

Re: Secure Transactions

2014-08-31 Thread Heinz Diehl
On 31.08.2014, Tod Merley wrote: I am simply seeking thoughts on the basic approach, alternatives, other things to do to make a secure transaction environment. When logging into your bank account (or the like) the very first time, make a copy of its certificate/fingerprint. Every time you

Re: Secure Transactions

2014-08-31 Thread Tim
On Sun, 2014-08-31 at 09:21 +0200, Heinz Diehl wrote: When logging into your bank account (or the like) the very first time, make a copy of its certificate/fingerprint. Every time you connect, verify the certificate's fingerprint first. If it differs, take contact with your bank to make sure

Re: Secure Transactions

2014-08-31 Thread Tim
On Sat, 2014-08-30 at 20:18 -0700, Tod Merley wrote: What sort of security issues are indicated by redirection? Wasn't me that suggested there were any. It were you that said you thought they were. But anyway... If you browse to your bank's domain name, they may bump you to another address of

Re: Secure Transactions

2014-08-31 Thread Tim
On Sat, 2014-08-30 at 19:41 -0700, Tod Merley wrote: Ok - considering that this Fedora 20 install and Firefox browser will only be used for Internet transactions how would you set it up to do its job well? Most of them are self-evident, if you know what the options mean, and some are clearly

Re: Secure Transactions

2014-08-31 Thread Heinz Diehl
On 31.08.2014, Tim wrote: Ideally, for things like banking, you really want to know the fingerprint ahead of your first use. They should really give you a hard copy of what to expect when you set up your account / get a new card. I've never seen that a bank has recommended checking the

Re: Secure Transactions

2014-08-31 Thread Tod Merley
Thank you Heinz for the good suggestions regarding checking certificates and all. As I think about it I would indeed really like to see a little program for myself (perhaps a script can do if I can find the right tools) which examines the entire log in procedure - perhaps from which IP(s) - using

Re: Secure Transactions

2014-08-31 Thread Heinz Diehl
On 31.08.2014, Tod Merley wrote: Thank you.. You're welcome! Btw: for those few who do not immediately know how to localize/check the fingerprint of the certificate a website is using: 1. Go to the login dialog on the site you wish to enter 2. Don't insert any credentials! 3. Firefox: click

Re: Secure Transactions

2014-08-31 Thread Tim
Allegedly, on or about 31 August 2014, Heinz Diehl sent: If you don't trust the site at your first use (5.), you should verify that the shown information really is genuine by contacting the bank/netshop etc.. Who probably won't have a clue about how to respond to such a query about their SSL

Re: Secure Transactions

2014-08-31 Thread jd1008
On 08/30/2014 08:33 PM, Tim wrote: On Sat, 2014-08-30 at 18:39 -0600, jd1008 wrote: 3. HttpToHttps Be prepared for various things to fail, you cannot force HTTPS with sites that are HTTP-only. Actually, the sites that do not support https, simply default to http. So, such sites are still

Re: Secure Transactions

2014-08-31 Thread Tod Merley
Heinz thanks for reminding me about looking at certificates by clicking the padlock. I also note that they have the ability to export and so I suppose a comparison could be made through that as well. General question - can one spoof a certificate? I suppose man in the middle is simply nasty.

Re: Secure Transactions

2014-08-31 Thread jd1008
On 08/31/2014 04:02 PM, Tod Merley wrote: Heinz thanks for reminding me about looking at certificates by clicking the padlock. I also note that they have the ability to export and so I suppose a comparison could be made through that as well. General question - can one spoof a certificate?

Re: Secure Transactions

2014-08-31 Thread Bruno Wolff III
On Sun, Aug 31, 2014 at 15:02:03 -0700, Tod Merley todbo...@gmail.com wrote: Heinz thanks for reminding me about looking at certificates by clicking the padlock. I also note that they have the ability to export and so I suppose a comparison could be made through that as well. General question

Re: Secure Transactions

2014-08-31 Thread Tim
Tim: Be prepared for various things to fail, you cannot force HTTPS with sites that are HTTP-only. jd1008: Actually, the sites that do not support https, simply default to http. So, such sites are still browsable even with this plugin. That wouldn't work with various virtually hosted sites

Re: Secure Transactions

2014-08-31 Thread jd1008
On 08/31/2014 09:45 PM, Tim wrote: Tim: Be prepared for various things to fail, you cannot force HTTPS with sites that are HTTP-only. jd1008: Actually, the sites that do not support https, simply default to http. So, such sites are still browsable even with this plugin. That wouldn't work

Re: Secure Transactions

2014-08-31 Thread Tod Merley
Jd1008 - java - life without it! Possible? Better. Remember - transactions only on the build. On Sun, Aug 31, 2014 at 9:17 PM, jd1008 jd1...@gmail.com wrote: On 08/31/2014 09:45 PM, Tim wrote: Tim: Be prepared for various things to fail, you cannot force HTTPS with sites that are

Re: Secure Transactions

2014-08-31 Thread Heinz Diehl
On 01.09.2014, Tod Merley wrote: General question - can one spoof a certificate? I suppose man in the middle is simply nasty. You can't spoof a certificate, but create one on your own and present it as the real one when you're the man in the middle. Therefore the fingerprint check. Once you

Re: Secure Transactions

2014-08-31 Thread Tim
Tim: Sensible to me is websites continue to work, with the minimal of tracking being possible. Sensible to others is no tracking, and some sites will fail to work. And to yet others, still, sites work without errors or users having to make decisions about using the sites. jd1008: Well

Re: Secure Transactions

2014-08-31 Thread Heinz Diehl
On 01.09.2014, jd1008 wrote: As I said, the caveat of all add-ons is that they are just as mysterious with respect to their actual content as FF itself - and for that matter, Windows and Linux and Unix/variants, are just as mysterious. I say this because even with open source software, does

Secure Transactions

2014-08-30 Thread Tod Merley
Hi all! I have been using Windows monitored by Norton used almost exclusively to do online transactions and banking. The strategy is simply that I do not use it otherwise. Transactions only. But then the W8 laptop Norton would not update or scan!! First attempts at fix failed and refresh and

Re: Secure Transactions

2014-08-30 Thread jd1008
On 08/30/2014 06:15 PM, Tod Merley wrote: Hi all! I have been using Windows monitored by Norton used almost exclusively to do online transactions and banking. The strategy is simply that I do not use it otherwise. Transactions only. But then the W8 laptop Norton would not update or

Re: Secure Transactions

2014-08-30 Thread Joe Zeff
On 08/30/2014 05:39 PM, jd1008 wrote: Since it is transactions you want to secure, I have advised friends to install these Firefox add-ons (not neceCELLERY :) in the same order: Two more: BetterPrivacy Flash Block The nice thing about Flash Block is that it doesn't completely block Flash,

Re: Secure Transactions

2014-08-30 Thread Tod Merley
Thanks for responding jd1008 and Joe, Jd1008 as you point out add-ons are unknowns. I find unknowns kinda scary when it comes to security. I really do try to do things to limit the sites I actually go to and very much stay away from e-mail use in the transaction process if at all possible. In

Re: Secure Transactions

2014-08-30 Thread Tim
On Sat, 2014-08-30 at 18:39 -0600, jd1008 wrote: 3. HttpToHttps Be prepared for various things to fail, you cannot force HTTPS with sites that are HTTP-only. 6. Redirect Cleaner - this will prevent a website you want to visit to redirect your browser to some other website you had no

Re: Secure Transactions

2014-08-30 Thread Tim
On Sat, 2014-08-30 at 18:44 -0700, Tod Merley wrote: The most suspicious things that ever happened while doing transactions may have been related to re-direction. Specifically my sign on picture and text came up wrong from time to time. My usual response was to close the browser and re-boot

Re: Secure Transactions

2014-08-30 Thread Tod Merley
Thanks for your response Tim! Tim said: It's well worth going through your browser settings, and setting them sensibly, rather than hoping some third-party add-on will sort things out for you. . . . Ok - considering that this Fedora 20 install and Firefox browser will only be used for Internet

Re: Secure Transactions

2014-08-30 Thread Tod Merley
What sort of security issues are indicated by redirection? What would they be doing (or not doing) in the programming from their end which would cause this? Could problems with DNS or other parts of the IP stack be involved? Why would closing the browser and shutting off the machine and finding