How secure is that little green padlock in your web browser? You may be surprised.

posted on Dec, 6 2015 @ 10:04 AM
I have my own domain which I use as a mail server, openvpn server and owncloud server. Using SSL Labs I increased my encrypted connection score from C to A+ with around 3-4 hours of reading and adjusting. Using a Firefox add-on I was able to recheck my domain encryption connection and scored 9 out of 10. Remember this only took me 3-4 hours (I am not an IT expert). We will be looking at banking institutions, cellphone companies, social media, search engines and a few others to see how they compare (bear in mind these companies employ IT experts).

Brief Overview
With any encrypted connection there is the risk of a "man in the middle attack", as you cannot guarantee who is on the other end. You will see a warning page in your browser warning you the encrypted page is not secure due to this. To overcome this, Certificate Authorities (e.g. Geotrust, Digicert, Thawte) validate that you are on the right domain. The website owner has to purchase this in the form of a digital certificate which they upload onto their website/server in order for domain validation to work.

There is far more to encrypted connections than just a certificate. Firstly, the platform used: SSL (Secure Sockets Layer), which has been cracked and is now obsolete (there are still websites using SSLv2 and SSLv3). TLS (Transport Layer Security) is now used and ideally it should be TLSv1.2 (TLSv1.0 has been cracked and is now obsolete). Bear this in mind while viewing the images below.

There is also the cipher suite to consider for both signing and encryption. SHA1 has been cracked and is now obsolete. Hashed SHA1 (HMAC-SHA1) is reportedly weak. Bear this in mind while viewing the images below. Google is now giving a warning flag for SHA1 and from next year Chrome will not be able to access these sites.

Lastly there is 'perfect forward secrecy' (PFS) to consider. This relates to the keys that are used. If the public and private keys used in specific communications are compromised, it can reveal the data exchanged in that session as well as the data exchanged in previous sessions. PFS is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.

First is my own domain.



Now some search engines.







Yahoo is also 9 out of 10 with perfect forward secrecy.




edit on 6-12-2015 by deliberator because: (no reason given)
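As an added example (not the poster's script, nor the SSLeuth add-on), a small Python checker that applies the three criteria from the overview above (protocol version, HMAC-SHA1 or a broken bulk cipher, and an ephemeral key exchange for PFS) to whatever a server actually negotiates. The `assess` grading works offline on recorded values; the `probe` helper needs network access, and the hypothetical grade letters are this example's own, not SSL Labs' scale.

```python
import socket
import ssl

# Protocols the overview treats as cracked/obsolete, and the versions it recommends.
# ssl.SSLSocket.version() spells TLS 1.0 as "TLSv1".
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1"}
RECOMMENDED = {"TLSv1.2", "TLSv1.3"}


def assess(protocol, cipher):
    """Return (grade, findings) for a negotiated protocol and OpenSSL cipher-suite name."""
    findings = []
    if protocol in OBSOLETE:
        findings.append(f"{protocol} is obsolete; only TLSv1.2 or newer should be offered")
    elif protocol not in RECOMMENDED:
        findings.append(f"{protocol} is deprecated; prefer TLSv1.2 or newer")
    # TLS 1.3 suites are always ephemeral; in older versions PFS needs an (EC)DHE key exchange.
    if protocol != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-")):
        findings.append("static RSA key exchange: no perfect forward secrecy")
    # Pre-1.3 suite names ending in plain "-SHA" use HMAC-SHA1 for record integrity.
    if cipher.endswith("-SHA"):
        findings.append("HMAC-SHA1 integrity (reportedly weak); prefer an AEAD suite such as AES-GCM")
    broken_cipher = any(tag in cipher for tag in ("RC4", "3DES", "DES-CBC3"))
    if broken_cipher:
        findings.append(f"{cipher} uses a broken bulk cipher")
    if protocol in OBSOLETE or broken_cipher:
        grade = "F"      # example's own scale: F = obsolete protocol or broken cipher
    elif findings:
        grade = "B"      # B = modern protocol but no PFS and/or SHA1 MAC
    else:
        grade = "A"      # A = TLS 1.2+, ephemeral key exchange, AEAD suite
    return grade, findings


def probe(host, port=443, timeout=5):
    """Connect to host and return the (protocol, cipher) actually negotiated."""
    # The default context refuses SSLv3/TLS1.0 on modern Python, so a handshake
    # failure here is itself a finding: the server offers nothing current.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _, _ = tls.cipher()
            return tls.version(), name


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    proto, suite = probe(host)
    grade, findings = assess(proto, suite)
    print(f"{host}: {proto} {suite} -> grade {grade}")
    for finding in findings:
        print("  -", finding)
```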



posted on Dec, 6 2015 @ 10:05 AM
Social Media is next












edit on 6-12-2015 by deliberator because: (no reason given)



posted on Dec, 6 2015 @ 10:05 AM
Now a few mobile (cellphone) companies.










posted on Dec, 6 2015 @ 10:06 AM
Next is Banking Companies.












edit on 6-12-2015 by deliberator because: (no reason given)



posted on Dec, 6 2015 @ 10:06 AM
Lastly some random sites.







Amazon.com scored 9, so if you have no idea what Amazon AWS is you can disregard this.

I think eBay and Nationwide are the main ones to flag, and Amazon AWS and Three should have a red flashing siren as they are still using TLSv1.0. On both of these sites you enter your debit/credit card for services.

If you would like me to check a site please post. Alternatively you can download the SSLeuth add-on for Firefox.

It would be interesting and appreciated if anyone with experience of encryption could offer feedback.


edit on 6-12-2015 by deliberator because: (no reason given)



posted on Dec, 6 2015 @ 10:22 AM
Doesn't bother me that much as I have very little to steal. Look at Backtrack Linux; you could pretty much intercept anything people are doing over WiFi.



posted on Dec, 6 2015 @ 10:34 AM
a reply to: CallYourBluff

I am using Fedora 23. I thought WPA2 and MAC address exclusion was pretty secure.



posted on Dec, 6 2015 @ 10:53 AM
Hey would any of these work?





ETA: Just a small part of my collection.
edit on 12/6/2015 by Kukri because: (no reason given)



posted on Dec, 6 2015 @ 11:13 AM
They would be useful when immoral hackers are caught. Bind them in chains and attach one.




posted on Dec, 6 2015 @ 01:19 PM

originally posted by: deliberator
a reply to: CallYourBluff

I am using Fedora 23. I thought WPA2 and MAC address exclusion was pretty secure.

Not at all.



posted on Dec, 6 2015 @ 02:54 PM
Thanks for the video. Just a brute force software programme. I have over 50 characters in my password with upper/lower case, numbers and symbols. I doubt a laptop or iPad could crack it. You also have to factor in that the WLAN has to be in range. Imagine sitting outside someone's house for weeks! I also have client isolation and DDoS protection enabled on my router. My neighbours are elderly; most of them do not know what WiFi is.

So you think an Ethernet connection is more secure. What about a local network travelling across the earth wiring in AC mains?



edit on 6-12-2015 by deliberator because: (no reason given)



posted on Dec, 6 2015 @ 03:18 PM
a reply to: CallYourBluff

that video is kinda deceiving... you're gonna need a bigger password list than that.... at least 50+ gbs

and even with that it can take weeks to months to crack a good wpa2 password

you're better off using reaver to brute force the wps pin.. that is ofc if it is enabled on the router
edit on 6-12-2015 by phildunphy01 because: (no reason given)



posted on Dec, 6 2015 @ 09:47 PM

originally posted by: deliberator
Thanks for the video. Just a brute force software programme. I have over 50 characters in my password with upper/lower case, numbers and symbols. I doubt a laptop or iPad could crack it. You also have to factor in that the WLAN has to be in range. Imagine sitting outside someone's house for weeks! I also have client isolation and DDoS protection enabled on my router. My neighbours are elderly; most of them do not know what WiFi is.

So you think an Ethernet connection is more secure. What about a local network travelling across the earth wiring in AC mains?


It is a brute force program, but given the distance (with the right device) WiFi can be picked up and how cheap laptops are, you could set one away and have access to everyone's WiFi in your street within days. Ethernet plus a VPN and Tor is the most secure way to access the internet. Depends on how paranoid you are.



posted on Dec, 6 2015 @ 09:49 PM

originally posted by: phildunphy01
a reply to: CallYourBluff

that video is kinda deceiving... you're gonna need a bigger password list than that.... at least 50+ gbs

and even with that it can take weeks to months to crack a good wpa2 password

you're better off using reaver to brute force the wps pin.. that is ofc if it is enabled on the router

Yes, but how many people do you think actually change the router password or know how?



posted on Dec, 7 2015 @ 08:00 AM
I think my OP shows that some companies have a "set and forget" attitude regarding server/website security, which is completely wrong. The recent TalkTalk hack was due to a MySQL injection attack. This could have been avoided with updated software and robust security systems.



