Hackers break SSL encryption used by millions of sites

As of right now, only Opera 10 and Internet Explorer 8 and above support TLS 1.1 and 1.2.

Firefox and Chrome support 1.0.

Safari (Apple's security is pitiful) simply says it supports TLS... doesn't say which version.
 
Should be noted this is a "man-in-the-middle" attack. Thus a hacker would need control of some portion of the network between you and the server you're connecting to. Pretty rare occurrence.
 
Should be noted this is a "man-in-the-middle" attack. Thus a hacker would need control of some portion of the network between you and the server you're connecting to. Pretty rare occurrence.
:thumbsup: And they have to be in the right place at the right time, making their chances small.

Additionally XP does not provide support for TLS 1.1
Many websites do not yet support TLS 1.1

If there is a caution in this........... stay off wireless connections you don't trust.
 
:thumbsup: And they have to be in the right place at the right time, making their chances small.

Additionally XP does not provide support for TLS 1.1
Many websites do not yet support TLS 1.1

If there is a caution in this........... stay off wireless connections you don't trust.

The OS does not determine whether SSL is supported.

Additionally you don't necessarily need control over a portion of the network. You can intercept the packets and relay them on towards the destination.

-Kevin
 
W7
W20110929-PW-X7-TLS.jpg



XP
W20110929-PW-XP-TLS.jpg


:whiste:
 
Those settings only govern Internet Explorer and are listed there because Internet Explorer is integrated into the Windows Shell. The OS has no idea about SSL/TLS.
 
Should be noted this is a "man-in-the-middle" attack. Thus a hacker would need control of some portion of the network between you and the server you're connecting to. Pretty rare occurrence.

Unless it's your government, ISP, or employer trying to spy on you. China also demonstrated the ability to hijack network traffic about a year or two ago.
Of course, if the group you rely on for your Internet connection is trying to MITM you, there really isn't much you can do. In theory, you could set up an IPSec connection between yourself and the destination, but it's not like you can do that with Amazon or whomever you want.

TLS1.0 has been known to be insecure for (at least) nearly 2 years. A lot of Linux vendors started turning it off in their distros once it was provably exploitable.
 
While traveling last week, I noticed several wireless network connections were available in my hotel. I couldn't help but think that a setting like a hotel would be a target-rich environment for hackers exploiting this vulnerability. With so many naive-to-internet-security folks in the US who do online financial transactions/look at bank info on various electronic devices, I can see them just clicking the "connect to available wireless network" option without thinking even once about the risk involved.

Wes
 
SSL is easily cracked, so HTTPS ought not be relied upon for any measure of security. Finding these "how-to's" mostly ON YOUTUBE took me only a few seconds, practically without even trying, and I didn't even search Google, which MAKES THE POINT: ANYBODY CAN DO IT, the "how to" is all over YouTube, SO DO NOT TRUST HTTPS for any real security:

Cracking SSH Logins
Ssl And The Future Of Authenticity (Blackhat 2011)
SSL vs. The Universe | Cracking an SSL Certificate
Hack Tutorial: Sniffing SSL Passwords
Download hacking tools All In One pack with full instruction
SSL Hacking
Hacking and decrypting SSL
How to: Snifff SSL / HTTPS (sslstrip)
Sniffing https with ettercap
Cracking A Simple Crackme

(p.s. How To Hack Into Someones Webcam Updated Instructions) [so maybe put tape over the camera staring at you on your laptop?]
 