'HTTPS Everywhere' is a PITA

Posted Feb 29, 2012 0:33 UTC (Wed) by smadu2 (subscriber, #54943)
In reply to: 'HTTPS Everywhere' is a PITA by HelloWorld
Parent article: EFF: New 'HTTPS Everywhere' Version

The point is not that you don't care about if stuff you are sending is insensitive/sensitive - the point is if the stuff you are sending/receiving is actually the stuff that's being sent/received - man in the middle.


'HTTPS Everywhere' is a PITA

Posted Feb 29, 2012 1:11 UTC (Wed) by sjj (subscriber, #2020) [Link]

You do know that you can buy firewalls that do automatic man-in-the-middle between your client and a server out there on the internet? They basically impersonate the server, and create a server cert on the fly.

Many corporations use these nowadays.

'HTTPS Everywhere' is a PITA

Posted Feb 29, 2012 1:46 UTC (Wed) by smadu2 (subscriber, #54943) [Link]

I do understand - in that case I have to trust my organization's root certificate, at which point I know what's going on. I would certainly not expect this when I am browsing at home.

Google Chrome issues me a warning that the site's certificate is not trusted (and I have to import my organization's "root certificate"). It even refuses to allow me further without importing.

I would ask PITA or be secure?

Posted Feb 29, 2012 9:55 UTC (Wed) by puchalakd (guest, #28036) [Link]

Please remember that when you are viewing something that isn't encrypted, someone can simply modify that traffic and, for example, add an exploit designed for your web browser or plug-in.

It's not only about "this information is public, or private" it's about your security.

I have a strong belief that LWN editors wouldn't include anything malicious. But the problem is that I'm using the internet in a lot of different places and I don't have such strong confidence that the owners (real ones, or the ones that "hack" into it) would not modify my traffic just because they can.

Please take a look at this funny way to modify internet web access:
http://www.ex-parrot.com/~pete/upside-down-ternet.html
(rotate images in webpages, or make them blurry :) )

But someone can make those modifications more malicious. Include whatever they want! And there is a pretty high chance that your browser will run this.
Unless you are very paranoid :)

Another problem is that even if I browse my favorite web site using HTTPS, there can still be some connections which are not secure.
Many sites are using external scripts, images, ads, tracking and so on.

If only one of these connections is not encrypted, someone can modify that traffic and change it to something malicious. And even this famous Green bar with https would help you.

If someone wants to protect himself/herself or is just curious what is really loaded with a webpage, please install and try to use the RequestPolicy Firefox add-on.
https://addons.mozilla.org/en-US/firefox/addon/requestpol...

So it's not just a problem - Do I have something to hide when I'm browsing the net?

The real problem is I don't want to be infected, lose control over my account @..., let someone post something that will make me look stupid, etc.
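
The mixed-content situation raised in the comment above (an HTTPS page that still pulls scripts, images or ads over plain HTTP), as an added example that is not part of the original thread: a small Python audit that lists which subresources of an HTTPS page would be fetched unencrypted. The sample markup, the host names and the active/passive labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) -> severity. "active" resources can run code in or restyle
# the page; "passive" ones are only displayed. The table is this example's own.
SEVERITY = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("embed", "src"): "active", ("object", "data"): "active",
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
}

class MixedContentAuditor(HTMLParser):
    """Collect subresources an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        refs = [(sev, attrs.get(a)) for (t, a), sev in SEVERITY.items() if t == tag]
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            refs.append(("active", attrs.get("href")))
        for severity, ref in refs:
            # Resolve relative and protocol-relative references against the page.
            absolute = urljoin(self.page_url, (ref or "").strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((severity, tag, absolute))

def audit(page_url, html):
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over HTTPS")
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; every host below is a placeholder.
SAMPLE = (
    '<link rel="stylesheet" href="/site.css">'
    '<script src="http://cdn.example.net/lib.js"></script>'
    '<script src="//stats.example.org/t.js"></script>'
    '<img src="http://img.example.net/logo.png">'
    '<img src="https://img.example.net/ok.png">'
)

if __name__ == "__main__":
    print(audit("https://www.example.com/article", SAMPLE))
```

Relative and protocol-relative references inherit the page's HTTPS scheme, so only the two explicit `http://` URLs in the sample are reported.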

I would ask PITA or be secure?

Posted Feb 29, 2012 14:44 UTC (Wed) by ewan (subscriber, #5533) [Link]

"rotate images in webpages, or make them blurry :)"

This is not always done as a result of people being funny; a significant fraction of mobile network operators will intercept requests for JPEG files and re-compress them to lower quality to save over-the-air bandwidth; this is a recurring source of complaints about poor image quality being posted to Flickr's help forum. Using HTTPS everywhere prevents that sort of misbehaviour.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds