Gmail accounts being hijacked like crazy

[OutHouse]

Is my thread turning into a Pwnage of the Year nomination?

no nothing will ever beat-out Dave's vinegar thread. yours is second.

 

[OutHouse]

The irony in it all of this thread I use Chrome but I know that with the others you can control it as well you can be on a https site and disable ssl in the options in the browser.

i really hope you do not work in IT or god forbid in any network security role. its painfully clear you are totally clueless.

 

[SpatiallyAware]

do you even know what ssl means? You keep talking about it like you do but i don't think it means what you think it means.

You see ssl is a very special magical protocol that i read about. It sends a little graphic of a lock and then your browser puts that lock on the screen letting you know that you're perfectly safe. Also https is a tunneling protocol, it's not like it's a normal application layer protocol that sends instructions over a layer5 encrypted session layer.

But the lock makes me safe!!!

 

[Crusty]

But the lock makes me safe!!!

Only if you don't disable SSL in your browser

 

[spidey07]

Only if you don't disable SSL in your browser

Yeah. When you disable SSL in your browser you send all your application requests via HTTP on port 443. The web server of course is totally cool with this, it will not attempt to negotiate SSL at all.

 

[emgeiger1991]

Just as an experiment, I fired up IE and disabled SSL 2.0 / 3.0 (read : NO HTTPS-labeled options were involved here) and attempted to go to gmail (which I have HTTPS enabled for) and the page wouldn't come up. I re-enabled SSL 2.0 / 3.0 and the page comes right up, so what you just said doesn't sound right either. I'll say it again, HTTPS invokes SSL / TLS, without support from that layer, HTTPS wouldn't work. They're tied so closely together you can't mention HTTPS without implicating SSL / TLS.

there is a button that says "continue to this website(not recommended)" just cause it says not recommended doesn't mean that you can't use it. and chrome don't have the option to use SSL 2.0 over 3.0 it is just 2.0.

 

[Crusty]

there is a button that says "continue to this website(not recommended)" just cause it says not recommended doesn't mean that you can't use it. and chrome don't have the option to use SSL 2.0 over 3.0 it is just 2.0.

Go away, you obviously don't understand a damn thing. The checkbox is to enable using SSL 2.0 instead of SSL 3.0. Maybe if you RTFM sometimes you would understand what that option does.

 

[cronos]

So I have been going back and forth from stupid to trolling to stupid back to trolling. I'm not sure what I think about him now

 

[Crusty]

So I have been going back and forth from stupid to trolling to stupid back to trolling. I'm not sure what I think about him now

There's no problem with being stupid IF you can accept the fact that you're wrong sometimes and learn from it... this kid is too ignorant to realize that people who have more industry experience than he has years alive might possibly be right, so I'm going to go with stupid AND troll.

 

[James Bond]

If anyone wants to see MORE emgeigger1991 ownage, read this thread:
http://forums.anandtech.com/showthread.php?t=2072711

PS: There should be a 'noob of the year' award as well.

 

[SpatiallyAware]

Eh he's just a troll.

 

[SpatiallyAware]

If anyone wants to see MORE emgeigger1991 ownage, read this thread:
http://forums.anandtech.com/showthread.php?t=2072711

PS: There should be a 'noob of the year' award as well.

Ok he posted this in that thread:

"If i was banned from the internet then that would mean that their would be less people to fix it (at least the way to access it and not actually it itself)"




I.E. He prolly works at for the geek squad.

 

[James Bond]

Ok he posted this in that thread:

"If i was banned from the internet then that would mean that their would be less people to fix it (at least the way to access it and not actually it itself)"




I.E. He prolly works at for the geek squad.

I hate getting banned from the internet

 

[JD50]

Eh he's just a troll.

Yep, there's no way someone that dumb could figure out how to work a computer and get on the internet. Definitely a troll.

 

[GodlessAstronomer]

Go away, you obviously don't understand a damn thing. The checkbox is to enable using SSL 2.0 instead of SSL 3.0. Maybe if you RTFM sometimes you would understand what that option does.

And that box is disabled by default. According to emgeigger1991 all Chrome users are surfing with SSL disabled unless they opt in.

 

[emgeiger1991]

Yep, there's no way someone that dumb could figure out how to work a computer and get on the internet. Definitely a troll.

And that box is disabled by default. According to emgeiger1991 all Chrome users are surfing with SSL disabled unless they opt in.

okay all you fuck nuts need to get my name straight and jacka$$ numero uno that means #1 for all who don't understand how do you think i'm on this website if i was so stupid that i can't even get online and jacka$$ numero dos that means 2 (two) why don't you uninstall and re-install and check it again it's not disabled by default. on my home computer never touched it and it's checked marked, the computer that I used to tell you about that was my IT training, school.

 

[Crusty]

okay all you fuck nuts need to get my name straight and jacka$$ numero uno that means #1 for all who don't understand how do you think i'm on this website if i was so stupid that i can't even get online and jacka$$ numero dos that means 2 (two) why don't you uninstall and re-install and check it again it's not disabled by default. on my home computer never touched it and it's checked marked, the computer that I used to tell you about that was my IT training, school.

It doesn't matter what that is set to. Either way you're going to connect to an SSL enabled server, that's the point. You are claiming that with that box unchecked you don't use SSL which is blatantly false.

SSL 2.0 and 3.0 servers can both accept requests from 2.0 and 3.0 clients using whatever the highest common version is.

 

[spidey07]

It doesn't matter what that is set to. Either way you're going to connect to an SSL enabled server, that's the point. You are claiming that with that box unchecked you don't use SSL which is blatantly false.

SSL 2.0 and 3.0 servers can both accept requests from 2.0 and 3.0 clients using whatever the highest common version is.

It's a magic protocol! It's almost like there is some kind of instructions on capabilities, version to use, what the public keys are and some kind of NONCE.

doh, I've said too much.

 

[Crusty]

It's a magic protocol! It's almost like there is some kind of instructions on capabilities, version to use, what the public keys are and some kind of NONCE.

doh, I've said too much.

:awe:

 

[spidey07]

:awe:

I like analyzing trace files on why an SSL load balancer isn't working.
:awe:

Nah, I don't know anything about SSL or it's state machine.
/e-peen

 

[emgeiger1991]

It doesn't matter what that is set to. Either way you're going to connect to an SSL enabled server, that's the point. You are claiming that with that box unchecked you don't use SSL which is blatantly false.

SSL 2.0 and 3.0 servers can both accept requests from 2.0 and 3.0 clients using whatever the highest common version is.

maybe your going to connect to an SSL server if where your going that server or any server in between has SSL enabled because every website you go to ins't going to have SSL could mean that it's not enabled on that server and then why is it that when you disable it you disable those certificates so your telling it that nothing on https is safe because you are unable to make a secure connection to that site because you don't have those certificates. Bold are words straight from https://microsoft.com with SSL disabled (unchecked) and okay I will take back my words that https and SSL have nothing to do with each other maybe they do but I don't know but now i can see that they do through the experimentation I 've just gone through. say what you want but this post is being posted late and so i'm tired and trying to rush so i can get to bed and get some sleep. so I can argue with you guys later. lqtm

 

[GodlessAstronomer]

 

[geno]

okay I will take back my words that https and SSL have nothing to do with each other maybe they do

There's no "maybe" about it. You clearly don't know your shit which makes this :

who's to say that I don't have the real world experience and is getting the "certs." to actually prove that I have the experience

unsettling if you really are passing any cert programs.

 

[geno]

Bold are words straight from https://microsoft.com with SSL disabled (unchecked)

Keeping in mind it's already been pointed out that the "Use SSL 2.0" option in Chrome just disables SSL 3.0 and reverts back to the older version, so you're probably not disabling it at all. I'm left with no other option but to think you don't really know how to disable SSL or perform an accurate test (like I did in IE by actually DISABLING SSL altogether). I just unchecked SSL3.0 and TLS and *surprise surprise* I can't access that site, but when I re-enable both options, the site comes up fine :awe:

You lose, Stark, you lose.

 

[JD50]

maybe your going to connect to an SSL server if where your going that server or any server in between has SSL enabled because every website you go to ins't going to have SSL could mean that it's not enabled on that server and then why is it that when you disable it you disable those certificates so your telling it that nothing on https is safe because you are unable to make a secure connection to that site because you don't have those certificates. Bold are words straight from https://microsoft.com with SSL disabled (unchecked) and okay I will take back my words that https and SSL have nothing to do with each other maybe they do but I don't know but now i can see that they do through the experimentation I 've just gone through. say what you want but this post is being posted late and so i'm tired and trying to rush so i can get to bed and get some sleep. so I can argue with you guys later. lqtm

Please keep posting.