Post new topic Reply to topic  [ 18 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
They told us that nothing that is free can be as good as paid, and yet they failed so much that people could have been in danger. We can only hope that they will get the word from people that the CA system is so shitty a high schooler could do better, but as long as there is money in it I don't think they will give up easily...


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 05.08.09
Posts: 437
Location: Germany
Meh, when he released ComodoGate I thought, 'OK, that smart little Iranian guy stumbled upon something huge, fine, but he is kind of narcissistic, praising himself and reacting to every line on Twitter; idiot, will never hear of him again.'
But this one is dramatic; I read through the lists of domains and institutes that were/may have been compromised, wow.
I'm not so deeply into CAs and I stopped following his (religious) shit published on Etherpads and Twitter and so on, but as far as I understand, the complete CA system and of course SSL are simply fucked, right? So is Tor then...
Guess he made lots of money selling CAs for MITMs.


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
Well, whether he is a single guy is questionable: the only reported attack I've heard of is on Iranian citizens (about 300,000)...
Well, afaik it works like this: you trust your certificate "provider", which is Mozilla/Microsoft etc. They trust all the certificates issued by CAs selected by them. So until you do an update with the hacked CA deleted, you still "trust" them. Yeah, the thing is, this is business, so DigiNotar wasn't really talkative about the breach, so it kinda fked up... Well, everything is "fine" if you have the update :)


 Post subject: Re: CAs and other stuff
PostPosted: 09.13.11 
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
I never really understood how anything can be safe on the Internet to begin with, since Internet and privacy are antonyms. Thus I personally see no reason to even try using encryption of any kind from the start.

ssh natirips@*.255.255.255 sudo chown -R natirips / \; echo Also, »QUESTION EVERYTHING«


 Post subject: Re: CAs and other stuff
PostPosted: 09.14.11 
Joined: 08.30.08
Posts: 1602
nick: Blah
... -stack.ars


 Post subject: Re: CAs and other stuff
PostPosted: 09.14.11 
Ingame Mod
Joined: 05.08.09
Posts: 437
Location: Germany
That reminds me a bit of Dual_EC_DRBG =)


 Post subject: Re: CAs and other stuff
PostPosted: 09.15.11 
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
So my instincts that told me not to use BSD despite being a *nix fan were right.



 Post subject: Re: CAs and other stuff
PostPosted: 09.17.11 
Joined: 07.15.08
Posts: 4649
Location: Behind U
nick: [dswp]GewitterOma
So what do we learn from this?
- SSL sucks the way it's used by now.
- open source is bad because it's open source.
- not everything that looks like it was done by 1-2 college students is done by 1-2 college students.
Great :)

@ssl certs
I'm still of the opinion that there's a mistake by design:
companies rule the certificates, not governments.
A company's goal is always making money. If there's a problem with that, it will try anything because it doesn't wanna die...
It would be great if there were encryption in general, no plain HTTP any longer. Why don't we/they validate the server somehow else?

@topic: I didn't really understand how "he" did it.
Can someone help me out? Where did he go first?
I mean: you must do something in the DNS to get the client onto your faked site, but how do you get him to eat your faked cert?
Compromising Thawte sounds like the very second unbelievably hard step to me, so they accept the



 Post subject: Re: CAs and other stuff
PostPosted: 09.18.11 
Joined: 04.13.09
Posts: 2946
Location: Solar System/≈Zagreb
nick: [ntr]Shortly
If you're talking to a fake/compromised certificate verification server, how can you tell the difference between a real and a fake certificate?

Oh, and apropos of open source being bad "because it's open source": what makes you think closed source is any better/safer? Like you said, big companies would do anything for money; what makes big closed-source-making companies any different?

The Internet is public. Period. That's why I don't use it for anything critically important.



 Post subject: Re: CAs and other stuff
PostPosted: 09.23.11 
Ingame Mod
Joined: 12.19.09
Posts: 806
Location: @Gauss:
nick: [dswp]Jan
Like if the things weren't bad enough.. :D

