Gmail accounts being hijacked like crazy


emgeiger1991

I'll paste it again so you can understand just one of the reasons WHY people are telling you to stop posting.

http://www.thoughtcrime.org/software/sslstrip/

Your data is only as safe as the network it is on, and since you really have no control over which networks your data passes over you have no idea if someone is hijacking your SSL session unless you know what to look for or the hijack is rather shitty.

This is why certification exams that only use multiple choice are worthless.

lol, you are a classic example of a boot-camp paper cert. Spidey has more real world networking security experience in his toe cheese than you will ever have.

seriously stop posting until you can stop barfing up brain dumps. you just may learn something useful.

Okay starting from the top 1) what I posted has nothing to do with SSL it was talking about HTTPS 2) I'm talking about IT certifications, which, all are multiple choice. So you calling all IT certification exams worthless going along with everyone that has them? good luck getting your computer fixed next time 3) who's to say that I don't have the real world experience and is getting the "certs." to actually prove that I have the experience. And last when did we ever get on the subject of wireless, the thread is about gmail hacking.
 

spidey07

Okay starting from the top 1) what I posted has nothing to do with SSL it was talking about HTTPS 2) I'm talking about IT certifications, which, all are multiple choice. So you calling all IT certification exams worthless going along with everyone that has them? good luck getting your computer fixed next time 3) who's to say that I don't have the real world experience and is getting the "certs." to actually prove that I have the experience. And last when did we ever get on the subject of wireless, the thread is about gmail hacking.

LOL! Welcome to the forums newb. First bold answers the second bolded.
 

JD50

Okay starting from the top 1) what I posted has nothing to do with SSL it was talking about HTTPS 2) I'm talking about IT certifications, which, all are multiple choice. So you calling all IT certification exams worthless going along with everyone that has them? good luck getting your computer fixed next time 3) who's to say that I don't have the real world experience and is getting the "certs." to actually prove that I have the experience. And last when did we ever get on the subject of wireless, the thread is about gmail hacking.

All IT certifications are NOT multiple choice. There are several exams that are functional exams and do not have any multiple choice questions. See my sig if you need an example, you seem like the type that needs things spelled out for them. I said that certification exams that only have multiple choice questions are worthless, that does not mean that everyone that holds those certs are worthless. Next time I need my computer fixed I'll just fix it myself, like I always have....
 

Dessert Tears

Pulling off a successful MITM SSL hijack isn't as easy as it sounds, but it's always a possibility, especially on networks you can't trust.

Doesn't this attack trigger a changeover to insecure HTTP or an unrecognized/invalid certificate exception?
 

Crusty

Doesn't this attack trigger a changeover to insecure HTTP or an unrecognized/invalid certificate exception?

It all depends on the effort the attacker is willing to go through. If they can trick a CA into issuing them a real cert in the name of the domain they are trying to hijack then your browser most likely isn't going to throw up any warnings. That's pretty hard to do though, so most likely you'll get an invalid CA warning because the attacker will be using self signed certificates.

There are other things like EV for certificates that most popular sites will be using as well.
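
The first of the two signals discussed in the posts above, a changeover to insecure HTTP, can be checked mechanically by comparing what a page hands you against the hosts you expect to be HTTPS-only. This is an added example and not part of the thread; the host names, sample HTML and function names are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class TargetCollector(HTMLParser):
    """Collect link (href) and form (action) targets from a page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.append(("link", attrs["href"]))
        elif tag == "form" and attrs.get("action"):
            self.targets.append(("form", attrs["action"]))


def downgrade_findings(page_url, html, https_only_hosts):
    """List every place an HTTPS-only host is reached over plain HTTP."""
    findings = []
    page = urlsplit(page_url)
    if page.hostname in https_only_hosts and page.scheme == "http":
        findings.append(("page", page_url))
    collector = TargetCollector()
    collector.feed(html)
    for kind, target in collector.targets:
        absolute = urljoin(page_url, target)  # resolves relative targets
        parts = urlsplit(absolute)
        if parts.hostname in https_only_hosts and parts.scheme == "http":
            findings.append((kind, absolute))
    return findings


# Constructed sample data (hypothetical hosts, not from the thread).
HTTPS_ONLY = {"mail.example.com", "accounts.example.com"}
AS_SERVED = (
    '<a href="/settings">Settings</a>'
    '<form action="https://accounts.example.com/login" method="post"></form>'
)
AS_RECEIVED = (
    '<a href="/settings">Settings</a>'
    '<form action="http://accounts.example.com/login" method="post"></form>'
)

if __name__ == "__main__":
    print(downgrade_findings("https://mail.example.com/", AS_SERVED, HTTPS_ONLY))
    for finding in downgrade_findings("http://mail.example.com/", AS_RECEIVED, HTTPS_ONLY):
        print(finding)
```

The second signal, the certificate warning, comes from the browser's own chain validation and is not something this check covers.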
 

Crusty

Okay starting from the top 1) what I posted has nothing to do with SSL it was talking about HTTPS 2) I'm talking about IT certifications, which, all are multiple choice. So you calling all IT certification exams worthless going along with everyone that has them? good luck getting your computer fixed next time 3) who's to say that I don't have the real world experience and is getting the "certs." to actually prove that I have the experience. And last when did we ever get on the subject of wireless, the thread is about gmail hacking.

You can't be serious.... what does the S stand for in https then?

DoubleFacePalm.jpg
 

emgeiger1991

hypertext transfer protocol secure port 443; hypertext transfer protocol port 80; SSL-Secure Socket Layer; SSH secure Shell-port 22 the encryption of telnet; telnet port 23 transfers in clear text; ftp-file transfer protocol transfers in clear text port 20 and 21 tftp trivial file transfer protocol port 69 transfers over UDP user datagram protocol port 63 stfp secure file transfer protocol and since this thread is about mail SMTP simple message transfer protocol port 25; IMAP internet message access protocol port 110; POP3 post office protocol version 3 port 143 so don't tell me I don't know what I'm talking about
 

shocksyde

hypertext transfer protocol secure port 443; hypertext transfer protocol port 80; SSL-Secure Socket Layer; SSH secure Shell-port 22 the encryption of telnet; telnet port 23 transfers in clear text; ftp-file transfer protocol transfers in clear text port 20 and 21 tftp trivial file transfer protocol port 69 transfers over UDP user datagram protocol port 63 stfp secure file transfer protocol and since this thread is about mail SMTP simple message transfer protocol port 25; IMAP internet message access protocol port 110; POP3 post office protocol version 3 port 143 so don't tell me I don't know what I'm talking about

You showed them! *high five*
 

tk149

I would never do it. It's the fact that you can't trust the network so you can't trust that your connection is secure. Pulling off a successful MITM SSL hijack isn't as easy as it sounds, but it's always a possibility, especially on networks you can't trust. That doesn't mean that the network operators aren't running their own SSL proxy to decrypt the traffic either, although I highly doubt many 'public hotspots' deploy such technology.

It's generally easier to get someone's personal info through social engineering and more traditional spyware attacks than through an SSL hijack.

That being said, is it absolutely important that you must know your exact account balance while sitting in starbucks? Simple due diligence can avoid most problems.

Thank you for the info. I did not know that. Of course, I don't even know what "MITM" stands for. So, the bottom line is that even though you are using an HTTPS webpage, you are still not secure.

I do not believe that I am the only one who did not know this. Why isn't this given more publicity? None of the businesses that I have secure online accounts with have mentioned this.

As for applications, I was thinking more about paying bills while on extended trips, or accessing my online trading account. Sometimes you'd like to make sure that your mortgage got paid on time.
 

geno

hypertext transfer protocol secure port 443; hypertext transfer protocol port 80; SSL-Secure Socket Layer; SSH secure Shell-port 22 the encryption of telnet; telnet port 23 transfers in clear text; ftp-file transfer protocol transfers in clear text port 20 and 21 tftp trivial file transfer protocol port 69 transfers over UDP user datagram protocol port 63 stfp secure file transfer protocol and since this thread is about mail SMTP simple message transfer protocol port 25; IMAP internet message access protocol port 110; POP3 post office protocol version 3 port 143 so don't tell me I don't know what I'm talking about

HTTPS invokes SSL/TLS :

Link

So this :

what I posted has nothing to do with SSL it was talking about HTTPS

Is pretty stupid since HTTPS has a LOT to do with SSL (which, for the intents of this conversation, SSL and TLS are really one and the same since TLS is really the replacement for SSL and maintains backward compatibility) by default, so WTF are you talking about?
 

irishScott

You know, just re-read the title and the first thing that came to mind was "yeah, and everybody got AIDS and shit." :D
 

Dessert Tears

It all depends on the effort the attacker is willing to go through. If they can trick a CA into issuing them a real cert in the name of the domain they are trying to hijack then your browser most likely isn't going to throw up any warnings. That's pretty hard to do though, so most likely you'll get an invalid CA warning because the attacker will be using self signed certificates.

There are other things like EV for certificates that most popular sites will be using as well.

I had forgotten about a certificate signed by a different authority, thanks for reminding me.

Of course, I don't even know what "MITM" stands for. So, the bottom line is that even though you are using an HTTPS webpage, you are still not secure.

MITM = man in the middle. An attack will usually involve a compromised wireless access point at the physical location. As written above, a certificate issued by a CA is pretty difficult to get. An attack that bypasses the security checks in current browsers would use both.
 

emgeiger1991

HTTPS invokes SSL/TLS :

Link

So this :



Is pretty stupid since HTTPS has a LOT to do with SSL (which, for the intents of this conversation, SSL and TLS are really one and the same since TLS is really the replacement for SSL and maintains backward compatibility) by default, so WTF are you talking about?

The irony in it all of this thread I use Chrome but I know that with the others you can control it as well you can be on a https site and disable ssl in the options in the browser.
 

geno

The irony in it all of this thread I use Chrome but I know that with the others you can control it as well you can be on a https site and disable ssl in the options in the browser.

Just as an experiment, I fired up IE and disabled SSL 2.0 / 3.0 (read : NO HTTPS-labeled options were involved here) and attempted to go to gmail (which I have HTTPS enabled for) and the page wouldn't come up. I re-enabled SSL 2.0 / 3.0 and the page comes right up, so what you just said doesn't sound right either. I'll say it again, HTTPS invokes SSL / TLS, without support from that layer, HTTPS wouldn't work. They're tied so closely together you can't mention HTTPS without implicating SSL / TLS.
 

Crusty

The irony in it all of this thread I use Chrome but I know that with the others you can control it as well you can be on a https site and disable ssl in the options in the browser.

WHAT? I just downloaded and installed Chrome to see this for myself and you are so wrong it's not even funny. Chrome gives you the option to use SSL 2.0 instead of 3.0, nowhere does it let you 'disable ssl' for an https site. That defeats the ENTIRE purpose of https.

Just stop, please, you're only making yourself look worse. It's clear from your numerous posts that you have no clue what you are talking about and are going to do more harm than good by continuing to spout your bullshit.
 

Gooberlx2

The irony in it all of this thread I use Chrome but I know that with the others you can control it as well you can be on a https site and disable ssl in the options in the browser.

Lulz, try disabling SSL with your bank's website and see how well it works. IF you wouldn't get an error or blank page, have fun decrypting all the garbly-beloved patriot with just your brain. :rolleyes:

...and if it did work, enjoy having your monies stolen because your bank is stupid.
 

spidey07

He wouldn't make it past the very first technical question I'd ask him in an interview...

Do you even know what SSL means? You keep talking about it like you do but I don't think it means what you think it means.

You see SSL is a very special magical protocol that I read about. It sends a little graphic of a lock and then your browser puts that lock on the screen letting you know that you're perfectly safe. Also HTTPS is a tunneling protocol, it's not like it's a normal application layer protocol that sends instructions over a layer5 encrypted session layer. :)