CAs and other stuff

Postby eXtr33m » 09.13.11

They told us: nothing that is free can be as good as paid, and yet they failed so much that people could have been in danger. We can only hope that they will get the word from people that the CA system is so shitty a high schooler could do better, but as long as there is money in it I don't think they will give up easily..
http://www.theinquirer.net/inquirer/news/2106643/diginotar-hackers-targeted-cia-mossad-mi6

Re: CAs and other stuff

Postby SKracht » 09.13.11

Meh, when he released ComodoGate I thought 'ok, that smart little Iranian guy stumbled onto something huge, fine, but he is kind of narcissistic, praising himself and reacting to every line on Twitter; idiot, will never hear of him again'.
But this one is dramatic, I read through the lists of domains and institutes that were/may have been compromised, wow.
I'm not so deeply into CAs and I stopped following his (religious) shit published on etherpads and Twitter and so on, but as far as I understand, the complete CA system and of course SSL are simply fucked, right? So is Tor then...
Guess he made lots of money selling CAs for MITMs.

Re: CAs and other stuff

Postby eXtr33m » 09.13.11

Well, whether he is a single guy is questionable: the only reported attack I've heard of is on Iranian citizens (about 300 000)..
http://www.pcworld.com/businesscenter/article/239534/comodo_hacker_claims_credit_for_diginotar_attack.html
Well, afaik it works like this: you trust your certificate "provider", which is Mozilla/Microsoft etc. They trust all the certificates issued by the CAs selected by them. So until you do an update with the hacked CA deleted, you still "trust" them. Yeah, the thing is this is business, so DigiNotar wasn't really talkative about the breach, so it kinda fked up.. Well, everything is "fine" if you have the update :)
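One way to see the point eXtr33m makes about vendor trust stores, as an added example that is not from this thread: assuming the openssl CLI is installed, the script builds a throwaway CA and a certificate it issued for a constructed hostname (www.example.test), then checks that same certificate against a trust bundle that still contains the CA and against one from which the vendor "update" has removed it.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is available; the CA
# names and the hostname www.example.test are constructed for the demo only.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# 1. A CA that the client's vendor ships in its root store (stand-in for any trusted CA).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Rogue Demo CA" \
  -keyout "$work/ca.key" -out "$work/ca.pem" >/dev/null 2>&1
# 2. A certificate that CA issued for a site it had no business issuing for.
openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$work/leaf.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
  -CAcreateserial -out "$work/leaf.pem" >/dev/null 2>&1
# 3. An unrelated CA that stays in the store after the vendor update.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other Demo CA" \
  -keyout "$work/other.key" -out "$work/other.pem" >/dev/null 2>&1

# Two trust bundles: before the update (compromised CA still trusted) and after it.
cat "$work/ca.pem" "$work/other.pem" > "$work/store-before.pem"
cat "$work/other.pem" > "$work/store-after.pem"

# Returns 0 when a client using bundle $1 (openssl verify stands in for a browser)
# would accept certificate $2, 1 otherwise; prints the verdict for the reader.
leaf_trusted_by() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "$(basename "$1"): certificate ACCEPTED"; return 0
  else
    echo "$(basename "$1"): certificate REJECTED"; return 1
  fi
}

# Same certificate, same hostname; only the trust bundle differs.
leaf_trusted_by "$work/store-before.pem" "$work/leaf.pem" || true
leaf_trusted_by "$work/store-after.pem"  "$work/leaf.pem" || true
```

Nothing about the certificate changes between the two runs; the client's verdict depends entirely on which roots its vendor has shipped or pulled.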

Re: CAs and other stuff

Postby natirips » 09.13.11

I never really understood how anything can be safe on the Internet to begin with, since Internet and privacy are antonyms. Thus I personally see no reason to even try using encryption of any kind from the start.

Re: CAs and other stuff

Postby Crusher » 09.14.11


Re: CAs and other stuff

Postby SKracht » 09.14.11

That reminds me a bit of Dual_EC_DRBG =)

Re: CAs and other stuff

Postby natirips » 09.15.11

So my instincts that told me not to use BSD despite being a *nix fan were right.

Re: CAs and other stuff

Postby wurst » 09.17.11

So what do we learn from this?
- SSL sucks the way it's used by now.
- open source is bad because it's open source.
- not everything that looks like it was done by 1-2 college students is done by 1-2 college students.
Great :)

@ssl certs
I'm still of the opinion that there's a mistake by design:
companies rule the certificates, not governments.
A company's goal is always making money. If there's a problem with that, it will try anything because it doesn't want to die...
It would be great if there were encryption in general, no plain HTTP any longer. Why don't we/they validate the server some other way?

@topic: I didn't really understand how "he" did it.
Can someone help me out? Where did he go first?
I mean: you must do something in the DNS to get the client onto your faked site, but how do you get him to eat your faked cert?
Compromising Thawte sounds like the very second unbelievably hard step to me, so they accept the

Re: CAs and other stuff

Postby natirips » 09.18.11

If you're talking to a fake/compromised certificate verification server, how can you tell the difference between a real and a fake certificate?

Oh, and apropos open source being bad "because it's open source", what makes you think closed source is any better/safer? Like you said, big companies would do anything for money, so what makes big closed-source-making companies any different?

The Internet is public. Period. That's why I don't use it for anything critically important.

Re: CAs and other stuff

Postby eXtr33m » 09.23.11

As if things weren't bad enough.. :D
http://freerepublic.com/focus/f-chat/2781678/posts