flat assembler
Message board for the users of flat assembler.

Index > Heap > how many of you access board using https://

Goto page Previous  1, 2

are you https:// to access this board?
yes, add me into counter
0%
 0%  [ 0 ]
no, not me.
86%
 86%  [ 20 ]
i just knew i could use https://
13%
 13%  [ 3 ]
Total Votes : 23

Author
Thread Post new topic Reply to topic
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
LocoDelAssembly wrote:
The Chinese government with its Great Firewall of course. Well, I'm not so sure if the Great Firewall itself is capable of that but sure thing is that they actually warn some people not to do any protest anymore.

tom tobias wrote:
umm, other than the FBI, dept. of Homeland Security, CIA, and FCC, no one in particular, though, last I heard, State Department was getting antsy about not being in the loop, so, they may have started up their own investigatory arm. Of course, I didn't mention the DOD, for obvious reasons-->their interception capability is classified.

Very well then, there's nothing to worry about. The whole point of using TLS is to protect anything confidential as well as anything used to restrict access or authenticate you (e.g. passwords, keys, etc.)

All the above organizations couldn't care less about everyone's passwords.
As for encrypting the rest (e.g. your posts), it's even stupider since the content is not confidential at all and is readable by everyone (even without an account in our case), so security services and censors can do their job easily.

And if you're just a bit less insignificant than John Doe, most of these organizations can use the "war on terrorism" or "national security" (or anything else) to *make you* give them what they want, can abduct you and send you to one of their resorts on some island in the Indian Ocean.
Post 24 Nov 2009, 20:58
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
ManOfSteel, SSL is still protecting me from being discovered as the "anti-government bad apple", if I say "Cristina Kirchner is an incredible whore" over a secure channel, how they will know from where I've said that and identify me?

In this forum they could still caught me because it kicks users back to HTTP several times, but under HTTPS I think they can't.

I don't have to worry about this particular aspect though, they can eavesdrop my forum activity but can't take actions because of what I say, but as I've said earlier, some governments think that the "thought excess" and/or "honesty attacks" are no good and must be punished instantly.
Post 24 Nov 2009, 21:49
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Post 24 Nov 2009, 22:11
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
firesheep can hijack any http based session.......... does this make u wanna use https ?
Post 02 Nov 2010, 21:51
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17352
Location: In your JS exploiting you and your system
revolution
I already use HTTPS. But firesheep currently can't hijack this board. And I doubt this board is popular enough to warrant the firesheep writers to include it.
Post 02 Nov 2010, 22:10
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
Quote:

But firesheep currently can't hijack this board. And I doubt this board is popular enough to warrant the firesheep writers to include it.


the code for facebook is only like a few lines
Code:
// Authors:
//   Eric Butler <eric@codebutler.com>
register({
  name: 'Facebook',
  url: 'http://www.facebook.com/home.php',
  domains: [ 'facebook.com' ],
  sessionCookieNames: [ 'xs', 'c_user', 'sid' ],

  identifyUser: function () {
    var resp = this.httpGet(this.siteUrl);
    this.userName   = resp.body.querySelector('#navAccountName').innerHTML;
    this.userAvatar = resp.body.querySelector('#navAccountPic img').src;
  }
});
    
Post 10 Nov 2010, 07:43
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
luckily,,, if using firefox, try

https://www.eff.org/https-everywhere

Quote:

HTTPS Everywhere is in Beta!

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
Post 10 Nov 2010, 07:45
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
maybe a free ssl cert for this board?
https://letsencrypt.org/
Post 14 Mar 2016, 10:02
View user's profile Send private message Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 360
Location: Australia
redsock
sleepsleep wrote:
maybe a free ssl cert for this board?
https://letsencrypt.org/
+1

It is easy to use and setting up decent TLS parameters isn't difficult either ( especially when using ssllabs.com to verify settings/security )

_________________
2 Ton Digital - https://2ton.com.au/
Post 14 Mar 2016, 22:33
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i just try letsencrypt, created one for my domain, it works, the only draw back is you got to renew your cert every 90 days, maybe 10 days before 90 days,

require augeas and virtualenv.

a full year ssl from comodo is around USD 99, not cheap i say.

not sure if flat assembler under their approved open source license, they give 1 year ssl cert for open source projects. no strings attached

https://www.globalsign.com/en/ssl/ssl-open-source/
https://www.godaddy.com/ssl/ssl-open-source.aspx
Post 27 Mar 2016, 13:26
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.