Cigar Asylum Cigar Forum  

Go Back   Cigar Asylum Cigar Forum > Non Cigar Specialty Forums > Misc > General Discussion

Reply
 
Thread Tools Display Modes
Old 04-06-2011, 12:05 PM   #1
markem
Bunion
 
markem's Avatar
16
 
Join Date: Oct 2008
First Name: Mark
Location: Second Star on the Right
Posts: 22,664
Trading: (47)
HUpmann
markem has disabled reputation
Default Web Security - welcome to my world

Here is a link to an article that does an acceptable job highlighting what is the Achilles heel for secure web access (urls that include 'https', where the 's' is about security).

http://www.nytimes.com/2011/04/07/te....html?_r=1&hpw

Last fall, I taught a class on how the SSL/TLS protocols work. These protocols are what are in use with 'https'. The idea that you find out about someone's security key by getting a certificate from some place that you trust is a concept called a web of trust (for the truly geeky, google "Merkle's Tree Authentication"). Note that the protocols themselves can be absolutely secure, but if the information in the certificate is fraudulent, you get no security benefit from using that information.

The gist of it all is that security within your web browser only works when everyone plays nice. Fortunately, at this time, everyone plays nice a majority of the time. There isn't a better scheme in place and the present system is so pervasive that, in my opinion, until the fundamental protocols are broken (not likely) the system will remain in place. However, look for more controls on how certificates are added to your browser and perhaps perhaps some mechanism for auditing their validity better at the source.

Comodo is not the first major player to have this happen to, just the one that is being written about.
__________________
I refuse to belong to any organization that would have me as a member.
~ Groucho Marx
markem is offline   Reply With Quote
Old 04-06-2011, 12:18 PM   #2
shilala
Dear Lord, Thank You.
 
shilala's Avatar
6
 
Join Date: Oct 2008
First Name: Scott
Posts: 13,721
Trading: (252)
Cuaba
shilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond repute
Default Re: Web Security - welcome to my world

I just want to look at stuff. The more transparent your job is, the better you've done your job, right? Speaking on your job, if I had to do it, I'd stab myself in the neck with a fork. God Love you for taking one for the team, my brother!!!
__________________
shilala is offline   Reply With Quote
Old 04-06-2011, 12:20 PM   #3
shilala
Dear Lord, Thank You.
 
shilala's Avatar
6
 
Join Date: Oct 2008
First Name: Scott
Posts: 13,721
Trading: (252)
Cuaba
shilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond repute
Default Re: Web Security - welcome to my world

Oh, and if you guys can take care of the Nigerian Prince on Craigslist, that'd kick ass.
This week I played with him a bit, and now he's sending the FBI to get me. I don't need that kind of aggravation. The FBI doesn't even take their shoes off when they come in your house. That's just ignorant.
__________________
shilala is offline   Reply With Quote
Old 04-06-2011, 12:48 PM   #4
357
Will herf for food
 
357's Avatar
 
Join Date: Oct 2008
First Name: Mike
Location: Home is where I park it
Posts: 4,075
Trading: (9)
VR
357 is a splendid one to behold357 is a splendid one to behold357 is a splendid one to behold357 is a splendid one to behold357 is a splendid one to behold357 is a splendid one to behold
Default Re: Web Security - welcome to my world

Be careful if outside the US and using SSL (site starting with https). Many countries limit the encryption level to a low enough standard that the local government can crack it (and monitorwhat you're doing).

Just my
__________________
“Eating and sleeping are the only activities that should be allowed to interrupt a man's enjoyment of his cigar;” Mark Twain
357 is offline   Reply With Quote
Old 04-06-2011, 12:51 PM   #5
markem
Bunion
 
markem's Avatar
16
 
Join Date: Oct 2008
First Name: Mark
Location: Second Star on the Right
Posts: 22,664
Trading: (47)
HUpmann
markem has disabled reputation
Default Re: Web Security - welcome to my world

Quote:
Originally Posted by 357 View Post
Be careful if outside the US and using SSL (site starting with https). Many countries limit the encryption level to a low enough standard that the local government can crack it (and monitorwhat you're doing).

Just my
Set your browser options appropriately and the connection won't be made with weaker security than you specify.
__________________
I refuse to belong to any organization that would have me as a member.
~ Groucho Marx
markem is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 01:03 AM.


Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
All content is copyrighted jointly by Cigar Asylum and the content provider.