Böse 2015-10-30

loweel

2015-10-30 13:42 Or be forced by the govt to give them the keys and credentials…. which is even worst, if you think to mass surveillance
New comment by loweel


2015-10-30 13:20 On Plan9 it makes completely sense.
New comment by loweel


2015-10-30 13:11 I generated another at work and used for the machine, but I don’t know. I just think there is a big battle against the self-signed certificates: if everybody would start to use them, the trick of the CA would disappear.
New comment by loweel


2015-10-30 12:58 But I can reach the site, using the same phone… just using a browser. It is javax.net.ssl which is complaining about certificate…
New comment by loweel


2015-10-30 12:51 This is exactly the other way around. If any of the CA “automatically” accepted by your browser/OS is in the hands of a government , which you have no way to know, any government can issue legitimate certificates which will be automagically accepted by your browser. Do you know each and every CA you see in the list (see /etc/ssl/certs) ? At least, I know the fingerprint of MY certificate…. and I can trust MY CA.
New comment by loweel


2015-10-30 12:48 Lüfterkatze. att-317-gattini
New note by loweel


2015-10-30 07:05 RT @osbn FreeBSD: Desktopumgebung nachinstallieren – http://canox.net/2015/10/freebsd-desktopumgebung-nachinstallieren/
loweel repeated a notice by osbn


2015-10-30 08:00 RT @planetlibre Deshacer la revocación de clave OpenPGP http://planetlibre.es/deshacer-la-revocacion-de-clave-openpgp/
loweel repeated a notice by planetlibre


2015-10-30 09:24 RT @drymer XMPP client preconfigured to use Tor +otr http://www.wired.com/2015/10/tor-just-launched-the-easiest-app-yet-for-anonymous-encrypted-im/
loweel repeated a notice by drymer


2015-10-30 10:36 Here is what I get with AndStatus. Any clue? att-309-certi-ssl
New comment by loweel


2015-10-30 09:56 OMS 🙂 🙂 att-307-wurstel
New note by loweel


2015-10-30 09:45 LowEel started following theredqueen.
LowEel (loweel)’s status on Friday, 30-Oct-2015 10:45:52 CET


2015-10-30 09:44 I see. This is something I am getting crazy with: it works to some people, and not for others.
New comment by loweel


2015-10-30 09:43 Saturno Butto’ !art Blade Lovers att-306
New note by loweel


2015-10-30 09:27 When dogs are cooler than you. att-305-cani-iphone
New note by loweel


2015-10-30 09:21 Saturno Butto’ !art att-304
New note by loweel


2015-10-30 09:20 Halloween not so easy anymore. att-303-capricci
New note by loweel


2015-10-30 09:18 Saturno Butto’ Again !art att-302
New note by loweel


2015-10-30 09:18 Splosh att-301
New note by loweel


2015-10-30 09:14 Certificate changed. No multiple CN anymore. Maybe it was the issue?
New note by loweel


2015-10-30 08:55 The lack of epics in our days is terrible. After the 90s, it started to be “minimal” . A different brand of shoes was the new revolution. Diets were the new religions. A different kind of phone was the new parties. Desperate housewives were the new walkyries. Bank’s employees the new heroes. In such a desperate lack of epics, young people started to jump from bridges, doing balconing, extreme sports, whatever seemed them to have some epics inside. And now we are wondering why the are joining the Islamic State. Anybody noticed the holy war is the top of the top of epics?
New note by loweel


2015-10-30 08:25 We’re not “old”. We are “classic”. 😛
New comment by loweel


2015-10-30 08:06 Wow. The next step will be french nails 🙂
New comment by loweel


2015-10-30 07:25 now I have two choices in order to keep the attachments folder distributed between 2 raspi. One is to use syncthing. Just installing on both systems and go. The second is to use the machine I use as a firewall/nginx frontend , exporting with NFS. In such a case, I can set nginx to take the static content from the folder itself. IN the first I would keep them updated, and nginx would cache the static contents. So the result would be more or less the same. I need to think about it.
New note by loweel


2015-10-30 07:21 I don’t think so, because I have tried haproxy’s ssl, apache’s ssl and now nginx ssl, so it should be a bug which affects all the implementations. But also, sniffing, I see the process of coupling happens in clear , so no ssl is involved at all. I tcpdump-ed the traffic, and it was 100% readable without any trick.
New comment by loweel


2015-10-30 07:17 Let’s say BBSs (Fidonet) was a wind of fresh air. But the first internet was amazing….
New comment by loweel


  • PS: questo pezzo e le altre magnifiche elargizioni di saggezza di Uriel Fanelli LowEel sono analizzate su un altro blog degli Untermenschen che curano questo specchio.
  • PPS: pezzo automagicamente caricato da Fornello!
Annunci

6 pensieri su “Böse 2015-10-30

    • Ne ha scritto a lungo. Io non sono un esperto ma mi pareva verosimile la sua tesi, che cioè se lo stato o i servizi segreti possono controllare ed influenzare le CA allora gli stessi possono tranquillamente (e qui semplifico) fare tutto il men in the middle che vogliono

      Mi piace

      • Un certificato autografo dice “Io sono Io e lo dico Io”. Il che significa che non protegge l’identità di un cazzo di nessuno, a meno che non ti venga passato, a priori, tramite un canale sicuro. Il che significa che, l’attacco come intermediario, invece che poterlo fare solo qualcuno che può influenzare una autorità di certificazione (e non sono esattamente cani e porci), lo può fare chiunque possa mettere mano al traffico (tipo il tuo vicino di casa malvagio utilizzando qualche vulnerabilità nota del tuo router wifi).

        Mi piace

        • Sì…. ma lui dice “quel sito è casa mia e ci faccio quel cavolo che voglio io”.
          Il certificato non è mai cambiato quindi o è stato sgamato dai servizi segreti subito oppure è lui… 🙂
          Come scambiarsi in modo affidabile i certificati autografi…. bah…
          Certificati autografi li uso anche per le cose di casa mia ma per l’appunto, io ho generato la chiave ed io l’ho messa sui dispositivi miei e dei miei familiari.

          Mi piace

Rispondi

Effettua il login con uno di questi metodi per inviare il tuo commento:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...