
 

All times are UTC + 1 hour




 Post subject: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
They told us that nothing that is free can be as good as paid, and yet they failed so much that people could have been in danger. We can only hope that they will get the words of people that the CA system is so shitty a highschooler could do better, but well, as long as there is money in it I don't think they will give up easily..
http://www.theinquirer.net/inquirer/news/2106643/diginotar-hackers-targeted-cia-mossad-mi6



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 05.08.09
Posts: 437
Location: Germany
meh when he released ComodoGate i thought like 'ok that smart little iranian guy stumbled upon something huge, fine, but he is kinda narcissistic praisin himself and reactin to every line on twitter, idiot, will never hear of him again'.
But this one is dramatic, i read through the lists of domains and institutes that were/maybe compromised, wow.
I'm not so deeply into CAs and i stopped following his (religious) shit published on etherpads and twitter and so on but as far as i understand, the complete CA system and of course SSL are simply fucked, right? so is TOR then...
guess he made lots of money selling CA's for MITM's



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
Well, whether he is a single guy is questionable: the only reported attack I've heard of is on Iranian citizens (about 300 000)..
http://www.pcworld.com/businesscenter/article/239534/comodo_hacker_claims_credit_for_diginotar_attack.html
Well afaik it works like this: you trust your certificate "provider", which is Mozilla/Microsoft etc. They trust all the certificates issued by the CAs selected by them. So until you do an update with the hacked CA deleted, you still "trust" them. Yeah, the thing is this is business, so DigiNotar wasn't really talkative about the breach, so it kinda fked up.. Well, everything is "fine" if you have the update :)
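
The trust model described in the post above, as an added example that is not part of the original thread: a client accepts any certificate signed by a root in the vendor-shipped store, so a rogue certificate from a breached root validates until an update removes that root. The CA names, host name and key values are constructed, the signature scheme is toy textbook RSA without padding, and the chain is a flat root-to-leaf one.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys


def make_key(p, q):
    """Toy textbook-RSA key pair from two primes (no padding, illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(cert, n):
    """Hash the signed fields of a certificate, reduced into the key's range."""
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n


def issue(subject, issuer, issuer_key, pub):
    """Issuer signs (subject, issuer, pub) with its private exponent."""
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    n = issuer_key["n"]
    cert["sig"] = pow(digest(cert, n), issuer_key["d"], n)
    return cert


def is_trusted(cert, trust_store):
    """Accept only if the named issuer is in the store and its signature checks."""
    n = trust_store.get(cert["issuer"])
    if n is None:  # issuer was never shipped, or was removed by an update
        return False
    return pow(cert["sig"], E, n) == digest(cert, n)


# Constructed CAs (names are made up); keys built from Mersenne primes.
GOOD_CA = make_key(2**61 - 1, 2**89 - 1)
BREACHED_CA = make_key(2**107 - 1, 2**127 - 1)


def demo():
    """Return trust decisions (real, rogue) before and after the root is removed."""
    store = {"Good CA": GOOD_CA["n"], "Breached CA": BREACHED_CA["n"]}
    real = issue("mail.example", "Good CA", GOOD_CA, pub=1111)
    rogue = issue("mail.example", "Breached CA", BREACHED_CA, pub=6666)
    before = (is_trusted(real, store), is_trusted(rogue, store))
    del store["Breached CA"]  # the vendor update that drops the breached root
    after = (is_trusted(real, store), is_trusted(rogue, store))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Both certificates name the same host; the client has no way to prefer the real one while both roots are in the store, which is why removal of the breached root is the only fix in this model.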



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
[dswp]R.Stallman
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
I never really understood how anything can be safe on the Internet to begin with since Internet and privacy are antonyms. Thus I personally see no reason to even try using encryption of any kind from the start.

_________________
ssh natirips@*.255.255.255 sudo chown -R natirips / \; echo Also, »QUESTION EVERYTHING«



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.14.11 
Godlike
Joined: 08.30.08
Posts: 1602
nick: Blah (tdm), I_Play_Games (bomb)
http://arstechnica.com/open-source/news ... -stack.ars



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.14.11 
Ingame Mod
Joined: 05.08.09
Posts: 437
Location: Germany
That reminds me a bit of Dual_EC_DRBG =)



 


 Post subject: Re: CAs and other stuff
PostPosted: 09.15.11 
[dswp]R.Stallman
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
So my instincts that told me not to use BSD despite being a *nix fan were right.




 


 Post subject: Re: CAs and other stuff
PostPosted: 09.17.11 
Godlike
Joined: 07.15.08
Posts: 4648
Location: Behind U
nick: [dswp]GewitterOma
so what do we learn from this?
- ssl sux the way its used by now.
- open source is bad cause its open source.
- not everything that looks like done by 1-2 college students is done by 1-2 college students.
great :)

@ssl certs
im still with the opinion that theres a mistake by design:
companies rule the certificates, not governments.
a company's goal is always making money. if there's a problem with that, it will try anything cause it doesn't wanna die...
it would be great if there would be encryption in general, no plain http any longer. why don't we/they validate the server somehow else?

@topic: i didnt really understand how "he" did it.
can someone help me out? he went to where first?
i mean: u must do some in the DNS to get the client on ur faked site, but how do u get him to eat ur faked cert?
compromise thawte sounds like the very second unbelievable hard step for me, so they accept the




 


 Post subject: Re: CAs and other stuff
PostPosted: 09.18.11 
[dswp]R.Stallman
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
If you're talking to a fake/compromised certificate verification server, how can you tell the difference between a real and a fake certificate?


Oh, and apropos open source being bad "because it's open source", what makes you think closed source is any better/safer? Like you said, big companies would do anything for money, what makes big closed-source-making companies any different?


Internet is public. Period. That's why I don't use it for anything critically important.




 


 Post subject: Re: CAs and other stuff
PostPosted: 09.23.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
As if things weren't bad enough.. :D
http://freerepublic.com/focus/f-chat/2781678/posts



 

