Domain: grc.com
Stories and comments across the archive that link to grc.com.
Comments · 905
-
Re:Encryption
So long as they can't actively monitor you enter the key, they can't get into that data
It's called a brute force attack. With most people using numeric PINs that's a trivial task. The only thing that's preventing that is iOS's auto-wipe and cooldown for failed entries. And that's what this is all about: the fed wants Apple to add a backdoor to remove the cooldown so they can brute force their way in.
-
Microsoft gets huge payments from the NSA?
It appears to me that Microsoft is selling itself to secret U.S. government agencies. Who tried to kill the excellent TrueCrypt? The old original TrueCrypt web site pushes people toward a Microsoft product.
Can Microsoft be trusted? Here are some articles:
Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)
Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)
Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)
Windows 10, Microsoft hiding what it is doing: Microsoft has no plans to tell us what's in Windows patches. Quote: "Each update is a black box, and it's going to stay that way." (Aug 21, 2015)
Windows 10, Microsoft takes even more control: Windows 10 is spying on almost everything you do -- here's how to opt out But, of course, Microsoft can change the spyware to avoid blocking. (July 31, 2015)
Microsoft can't be trusted: How Can Any Company Ever Trust Microsoft Again? (June 17, 2013)
Microsoft releases EXTREMELY buggy software: Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert It is likely that there are many bugs Microsoft hasn't yet found. Are Microsoft products intentionally made insecure? (December 9, 2015)
-
SQRL?
If they're using SQRL, then I don't have any new security concerns.
https://en.wikipedia.org/wiki/...
https://www.grc.com/sqrl/sqrl....
Keep your phone secure, and the authentication scheme is really hard to break.
-
6 respected security pros disagree w/ you
E.G. #1 - Oliver Day (SYMANTEC/SECURITYFOCUS) CLEARLY disagree w/ you:
A RETURN TO THE KILLFILE:
http://www.securityfocus.com/c...
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed, and security, is the gain... others like Mr. Day note it as well!
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
E.G.#2 - OReilly:
For security -> http://oreilly.com/pub/a/windo... & For speed -> http://www.oreillynet.com/pub/...
---
E.G.#3 - Steve Gibson:
Steve Gibson endorses hosts as good https://www.grc.com/sn/sn-045....
---
E.G.#4 - Aryeh Goretsky of ESET/NOD32:
It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...
---
E.G.#5 - Brocke Wilders of WILDERS' SECURITY does too:
By creating an inferior clone of MY PROGRAM though -> http://www.wilderssecurity.com...
---
E.G.#6 - Mr. Steven Burn of Malwarebytes does also:
MalwareBytes' hpHosts' Admin hosts + RECOMMENDS my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
APK
P.S.=> Myself as well makes 7, so, SO much for your bs jealous little off topic troll... apk
-
6 respected security pros disagree w/ you
E.G. #1 - The words of a security expert, Oliver Day (SYMANTEC/SECURITYFOCUS) CLEARLY disagree w/ you:
A RETURN TO THE KILLFILE:
http://www.securityfocus.com/c...
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed, and security, is the gain... others like Mr. Day note it as well!
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
---
E.G.#2 - OReilly:
For security -> http://oreilly.com/pub/a/windo... & For speed -> http://www.oreillynet.com/pub/...
---
E.G.#3 - Steve Gibson:
Steve Gibson endorses hosts as good https://www.grc.com/sn/sn-045....
---
E.G.#4 - Aryeh Goretsky of ESET/NOD32:
It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...
---
E.G.#5 - Brocke Wilders of WILDERS' SECURITY does too:
By creating an inferior clone of MY PROGRAM though -> http://www.wilderssecurity.com...
---
E.G.#6 - Mr. Steven Burn of Malwarebytes does also:
MalwareBytes' hpHosts' Admin hosts + RECOMMENDS my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
APK
P.S.=> So much for your bs... apk
-
"It works" - Tony Stark... apk
See subject - & does more by far vs. browser addons for less resource consumption + illogically "Bolting on 'MoAr'":
E.G. #1 - Oliver Day (SYMANTEC/SECURITYFOCUS):
http://www.securityfocus.com/c...
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed & security is a gain!
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." (another reputable source right there too: Spybot)
---
E.G.#2 - OReilly:
For security -> http://oreilly.com/pub/a/windo... & For speed -> http://www.oreillynet.com/pub/...
---
E.G.#3 - Steve Gibson:
Steve Gibson endorses hosts as good https://www.grc.com/sn/sn-045....
---
E.G.#4 - Aryeh Goretsky of ESET/NOD32:
It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...
---
E.G.#5 - Brocke Wilders of WILDERS' SECURITY does too:
By creating an inferior clone of MY PROGRAM though -> http://www.wilderssecurity.com...
---
E.G.#6 - Mr. Steven Burn of Malwarebytes does also:
MalwareBytes' hpHosts' Admin hosts + RECOMMENDS my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
APK
-
Re:Wait, so you're telling me...
Or you could just memorize one passphrase
Or you could just memorize one strong password. Passphrases are vulnerable to dictionary permutation attacks... and that's the type of attack most commonly used.
That's why you pad your passphrase with a random number of symbols.
-
Many security pros endorse hosts files
http://www.securityfocus.com/c...
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed, and security, is the gain... others like Mr. Day note it as well!
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
Per my points exactly, no less...
---
E.G.#2 - OReilly:
For security -> http://oreilly.com/pub/a/windo... & For speed -> http://www.oreillynet.com/pub/...
---
E.G.#3 - Steve Gibson:
Steve Gibson endorses hosts as good https://www.grc.com/sn/sn-045....
---
E.G.#4 - Aryeh Goretsky of ESET/NOD32:
It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...
---
E.G.#5 - Brocke Wilders of WILDERS' SECURITY does too:
By creating an inferior clone of MY PROGRAM though -> http://www.wilderssecurity.com...
---
E.G.#6 - Mr. Steven Burn of Malwarebytes does also:
MalwareBytes' hpHosts' Admin hosts + RECOMMENDS my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...
APK
P.S.=> Accept NO substitutes... apk
-
Steve Gibson long ago endorsed hosts
See subject & this -> https://www.grc.com/sn/sn-045....
*
:)Why? They work BETTER doing more for speed, security, reliability + anonymity online FOR LESS resources consumed (RAM/CPU/other I-O too) with less redundancy AND complexity & you already natively have hosts files...
APK
P.S.=> Nothing makes hosts useful for all that like my program does -> http://mobile.slashdot.org/com...
... apk
-
Re:Get a dog silencer
-
IBM doing what it does best, embrace and extend?
This sounds suspiciously similar to SQRL https://www.grc.com/sqrl/sqrl....
-
Re:HTTPS scanning
P.S. Try https://www.grc.com/fingerprin...
If your fingerprints on that page differ from the fingerprints on your browser's cert for those sites, you're being MITM'd.
e.g.
www.grc.com
01:56:D3:AC:CF:5A:3F:B8:8F:0F:B4:30:88:2D:F6:72:4E:8C:F2:E0
-
Blowing smoke iMessage?
I hate to add this, but to be truthful Apple can comply if the iMessage is a group message using their cloud-based keychain. Since Apple controls which public keys are associated with which participant, there is no reason they could not insert an extra one for which they themselves have the corresponding private key.
That is assuming they could make the UI hide the extra iMessage recipient line.
See: https://www.grc.com/sn/sn-448.... for further info and some interesting other stuff about the iOS security model.
-
Re:Wait, you have to TYPE the password???
Of course, the real solution is to get rid of passwords. Web sites should switch to using OpenID authentication
Or SQRL!
-
Re: A plea to fuck off.
SQRL does something like a secure token. It allows a manager on a smartphone or computer.
The site you are trying to access presents a clickable QR code that contains a session id and some random gibberish. The SQRL manager will sign that message with a private key that you have, and it signifies that you are who you say you are.
This allows you to sign into a public machine using your smartphone, and once the session is terminated, anything that could have been captured doesn't allow an attacker to login later.
On your home machine you could have a manager that handles SQRL:// and it takes the smartphone out of the loop.
-
Another situation like that with TrueCrypt?
More U.S. government corruption? Hidden agencies in the U.S. government can do secret projects that are bad for the country.
GRC's | TrueCrypt, the final release, archive
-
Re:Wait a minute...
It might seem as if there is nothing changing under the hood, but people are actually working on improving things and actually making sure CA's can't issue certificates for your website you didn't want to be issued:
http://www.certificate-transpa...
https://developer.mozilla.org/... (available in the release version of Firefox and Chrome)
https://blog.mozilla.org/secur... (available in the release version of Firefox, Chrome already had something similar)
-
Password managers make this unnecessary
Seems to me that if you use a password manager - LastPass among others - then this is unnecessary. I never type my password, and if I'm phished, then the site won't match the password manager entry and won't be filled in. So, Google would have been better off allowing / providing a good password manager rather than this half measure that only sees it after the fact rather than preventing you from entering it in the first place. Personally, I'm waiting for SQRL that will eliminate the need for passwords altogether. https://www.grc.com/sqrl/sqrl.... -ww
-
Chrome is severely broken
Inconsistently reports perfectly secure SHA1 certificates as weak or fine, which means it's can be relied upon to determine your security.
More info on Security Now #502
-
A better methodology
If you don't trust password managers and would like a way to generate unique, deterministic and hard to crack passwords. Take your 8 word diceware password and use it as the entropy for:-
https://www.grc.com/otg/offthe...
Which generates a 26x26 latin square. Use that with the domain name of the site and a memorable algorithm to generate a password for each site.
Also, in the near future (from the same source) is:-
https://www.grc.com/sqrl/sqrl....
You will still need your ONE strong password (or biometric) to protect the master key from which all site specific keys are generated (via the domain name), but when supported by a site it leaves nothing but a site specific public key for them to store that you use by proving that you can sign a random challenge with your site specific associated private key. So even if their database leaks it has no useful authentication data for an attacker to make use of because each site's keys are unrelated to any other. Which also means that for low value sites who only need your key and nothing else to authenticate you, due to it being a two party system you are uncrackable.
-
They should adopt SQRL
SQRL completely eliminates the need for passwords https://www.grc.com/sqrl/sqrl....
-
Re:yep. I provide security to some ofthe listed si
You do send the passwords to the servers though, right (if not, an infected server could modify the web pages to do this)? Thus it could be server side, and just passively collecting the passwords as logins occur. Don't just assume client side just because a dump of the database wouldn't do it, unless you use something like SQRL or a browser based (not JavaScript based) un-spoofable version of something like SRP.
The fact that technical users are willing to type passwords into regular fields to be sent off to the server unmodified, or consumed by unverified client side scripts amazes me. It's as bad as how credit cards work! Sharing your secret to prove who you are is archaic.
It's clearly something like phishing in this case though, but don't let that make you think your implementation is safe from server side attacks.
-
Re:"Net neutrality"
There it is. It has been known since Obama and the FCC first started talking about this. You see "Net Neutrality" to the rest of us means, leave it alone because it's been just fine for years. But Mr. Obama and the FCC came up with their own plan to make it a utility under the control of the FCC and they called their plan "Net Neutrality". The SAME name.
This is an attempt of government to seize control of communications, and that is usually what happens just before war.
I will not tolerate or accept or acknowledge any FCC authority whatsoever, and I will encrypt EVERYTHING.
Web sites can and should implement a client side encryption for even posting blogs, so it can't be captured and used by the FCC or anybody else.
It's long overdue for everybody to establish a MESH network, outside the control of government or corporations. And the mesh network needs to be without any need of DNS, as that too is a security threat.
Get active in these efforts.
:DIME (Formerly Darkmail) http://www.tomsguide.com/us/di...
:SQRL (Pronounced Squirrel). https://www.grc.com/sqrl/sqrl....
:MESH Networks http://en.wikipedia.org/wiki/W...
:Eliminate DNS Sorry, I don't have any good links on this one.
:VIDEO - Mr. President https://www.youtube.com/watch?...
Work hard, or sacrifice your freedom. This is the world your children will end up living in.
Title II Common Carrier classification will do none of the things you claim it will do. That said, I agree that everything should be encrypted with strong encryption. However, those are two separate issues. Please educate yourself. Or not. But if you don't, you're just making yourself look ignorant.
-
Re:Oh great
Steve Gibson (yes, Steve Gibson) did a podcast on why 'clever' tricks to choose memorable passwords, might not be such a good idea.
Short version: the bad guys know all the little tricks like replacing 'a' by '@'. Whether this particular trick would be more resistant, I'm not sure.
-
gpg
gpg, when you can.
To encrypt, but have the encrypted output be encoded as text (so it can be copy/pasted into an email):
gpg --symmetric --cipher-algo AES256 --armor example.txt
(gpg will then ask for a passphrase, make it long, as random as possible, upper and lower case, a punctuation, and a number)
TO DECRYPT
gpg example.txt.asc
Steve Gibson has a very cool Internet resource for helping people learn about password strength: https://www.grc.com/haystack.h...
Per the haystack page:
Example passphrase = search space size
64 characters of hex = 4.13 x 10^99
63 characters of hex, plus adding a punctuation symbol = 4.93 x 10^117
62 characters of hex, plus adding a punctuation symbol, plus adding an upper case letter = 3.79 x 10^126
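The three search-space figures quoted in the comment above can be reproduced with a short calculation; this is an added example, not part of the original comment and not GRC's code. The class sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols) and the rule of counting every length up to the password's own length are assumptions chosen because they reproduce the quoted numbers, and all sample passwords are constructed.

```python
import string
from decimal import Decimal

# Assumed character classes: a class counts in full as soon as one of its
# characters appears in the password. 33 symbols = ASCII punctuation + space.
CLASSES = (
    string.ascii_lowercase,      # 26
    string.ascii_uppercase,      # 26
    string.digits,               # 10
    string.punctuation + " ",    # 33
)


def alphabet_size(password: str) -> int:
    """Size of the alphabet a brute-force search must cover for this password."""
    known = "".join(CLASSES)
    for ch in password:
        if ch not in known:
            raise ValueError(f"character {ch!r} is outside the assumed classes")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password: str) -> int:
    """Candidates of length 1..len(password) over the password's alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def sci(value: int) -> str:
    """Format a (possibly huge) integer as 'm.mm x 10^e'."""
    mantissa, exponent = f"{Decimal(value):.2E}".split("E")
    return f"{mantissa} x 10^{int(exponent)}"


def seconds_to_exhaust(password: str, guesses_per_second: int) -> int:
    """Worst-case seconds to try every candidate at a fixed guess rate."""
    return -(-search_space(password) // guesses_per_second)  # ceiling division


# Constructed samples: lowercase hex counts as "lowercase + digits" (36 chars).
HEX64 = "0123456789abcdef" * 4
HEX63_PUNCT = HEX64[:63] + "!"
HEX62_PUNCT_UPPER = HEX64[:62] + "!A"

if __name__ == "__main__":
    for label, pw in (
        ("64 hex", HEX64),
        ("63 hex + punctuation", HEX63_PUNCT),
        ("62 hex + punctuation + upper", HEX62_PUNCT_UPPER),
    ):
        print(f"{label:30s} alphabet={alphabet_size(pw):3d}  {sci(search_space(pw))}")

    # A 4-digit numeric PIN (constructed) has only 11,110 candidates, which is
    # why lockout and delay on failed entries matter, not the PIN's own size.
    print("4-digit PIN:", search_space("4821"), "candidates,",
          seconds_to_exhaust("4821", 1000), "s at an assumed 1000 guesses/s")

    # Limitation of the count: it only sees length and character classes, so a
    # predictable password and a random one of the same shape score the same.
    print(search_space("Password1!") == search_space("q7#Lm2@xVe"))
```

The last line prints `True`: the count describes exhaustive search only and says nothing about resistance to dictionary or pattern-based guessing.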
-
Re:password manager
Just don't forget that - whatever Steve Gibson has to say on the matter - it does rely on the competence and integrity of the LastPass crew.
If LastPass rework their website so that your password is sent to them (rather than the encrypted hash generated by JavaScript), they can do decryption locally on their side (rather than in JavaScript in your browser), then they can read your passwords.
If they get man-in-the-middled somehow - by a malicious employee, say - your passwords are no longer yours.
They could engineer their site to be subpoena-friendly. (Whether they have, I don't know.)
Also, if someone hits you on the head after you've signed in to LastPass, they have all your passwords.
-
Re:https is useless
As I understand it, Google has placed a Revocation backdoor in Chrome.
(No Firefox addon will save you when in Chrome. duh)
More details on Revocation, from people that *know* security,
https://grc.com/revocation/crlsets.htm
-
Re:Passwords don't need to be killed
Actually, a solution very similar to what you describe is currently being developed as SQRL - Secure Quick Reliable Login. The main highlights and uniqueness of this are:
- There is no trusted third party. There is only a) the user and b) the website (and also notice that each website will receive different identities, so no cross site spying).
- The creator, Steve Gibson, is doing this just because it is a good security solution and has no other interests. He has a long track record of being a security expert, starting the podcast Security Now! in 2005, currently up to 467 episodes.
-
SQRL
See:- https://www.grc.com/sqrl/sqrl....
Using a smartphone as your token, and if that is not secure enough for you, I am for my sins presently building an HSM that will interface over NFC with the smartphone to keep all the cryptography parts and master key outside of the potentially vulnerable computing platform. Further I promise as do many of us working on this project to make everything we can public domain or at the least open licensed.
Before making comment on this please do read and digest all the reference material, TL;DR; does not cut it in crypto.
-
Agreed really bad idea, but why and what to do?
Agreed what this paper says is a really bad idea, but the bigger question is why do you need to protect your low value digital assets with equivalent security to your high value ones with strong unique passwords.
The reason is, as is mentioned, you will have many more low value assets with apparently insignificant information stores than the few that store critical information. So that if say you reuse a weak password on all these low value sites a single break in any of them will potentially give an attacker access to all of the rest, as it is known that once an attacker gets a username/email and a password (reversed from a weak hash) say they will try that username/email and password everywhere they can. It thus will be not a single tiny piece of information you risk with this policy but every piece of information on all the sites you risk and that may well add up to something very saleable to an attacker.
So what do we do?
0/ We cannot go around with many unique strong passwords in our head for fear of leakage and loss of retention.
1/ We could use a password safe, provided we trust the vendors or our skill to write it and not later make what is now a strong keeper weak by software patch.
2/ We could use a high entropy deterministic password generator e.g: https://www.grc.com/offthegrid... if we have the time to work the manual algorithm each time we want a password.
3/ We could do away with almost all passwords by use of OAuth / SiteID etc. Provided we trust a third party in all logins to not track our use.
4/ We could do away with all but one single pass-phrase that would potentially allow us to pseudonymously identify everywhere like SQRL, but that is early days and will need time to be supported.
What I am saying is there is no single solution but many, but for certain the one suggested in the paper is not one of them...
-
Not the first time...
-
Re:7.1a for x64 linux
Luckily I have a copy of 7.1a for x64 linux
I noticed something the other day when looking for a copy of the install on my own system. It turns out that when you install TrueCrypt for Windows, it puts a copy of the installer in the destination directory! If you're on Windows, take a look in your %ProgramFiles%\TrueCrypt directory. You will probably find a TrueCrypt Setup.exe file (at work so not sure of the exact filename). This can be used to install/repair/reinstall TrueCrypt on any computer.
There have been some good attempts to create a trustworthy TrueCrypt archive, but nothing beats your original installation source, which you can use to verify against various signatures found online.
-
Re:Open Source it
If TrueCrypt devs really gave up because they think it is pointless, then they should open source the code (BSD, Apache2, GPL, MIT). There is no reason not to, unless they had contributors who passed away.
There is another reason. TrueCrypt is already open source.
It uses the TrueCrypt license.
It is hard to change something into a state it already is in.
-
Re:Who to believe?
There is also "confirmation" that the developers are simply tired of the project and don't want anyone else to work on it:
https://www.grc.com/misc/truec...
Gibson is generally a reliable source. He was very much right back in the day when he built the "Shields Up!" site and everybody else called him paranoid.
And his explanation also makes sense: they did change the license, and they did take the time and trouble to build 7.2 before the "sudden" announcement on their page.
Why would they want to kill the project? Who knows? People sometimes do perverse things.
But if that were actually their intent, they won't succeed. The group doing the audit said that if it passes, they plan to offer a fork build and continue the project.
-
Old code still available
It appears GRC has created a page where the last final version of TrueCrypt and all source code can be downloaded.
My hope would be that someone will fork the project and continue development for Linux, and Windows XP/2003, at least, AND preferably work on new Version of Windows.
Bitlocker is REALLY not good enough, for most users won't have access to it -- since it is only in the ENTERPRISE version of Windows 7; in particular... Windows 7 Standard and Professional do not have the feature.
-
Re: people ruin everything
Link because why in the world do people use URL shorteners?
-
still speculation
According to this page - someone e-mailed a dev contact and claims they called it quits due to lack of interest
https://www.grc.com/misc/truec...
(Scroll to the bottom, the green box).
The only real "confirmation" we have is the info on the TrueCrypt page. It's over (no matter what the reason is), best to move on.
-
Re:The CA should not revoke the certificates,
It doesn't matter who revokes the keys. Right now only Firefox and Chrome ever check for revoked certs, and Chrome at least has this disabled by default. If you are running iOS or Android, your browser doesn't check the CRL before trusting the cert. So it's great if web sites revoke certs, but it doesn't actually change anything on the end user side, for the most part. I'm not saying anything about Windows platforms because I don't have access to any; it's possible that they do support CRLs. You can check whether your browser supports CRLs by going to this test URL. If you don't get a warning from your browser, your browser isn't checking CRLs.
-
Re:From Germany.
It wasn't the EU services
... it was the UK (British) services:
I saw another little piece of interesting miscellany which was that the GSM digital encryption, which is of course so common for cell phones, was deliberately crippled from the beginning. Its team of designers wanted to use 128-bit keys. And it was backlash from the British government back in the early '80s that wanted to be able to crack it for surveillance purposes. So they wanted it, again, they wanted it to be good enough that individuals couldn't afford to crack it, but easy enough that they could. West Germany, on the other hand, wanted strong keys to keep East Germany from snooping. So there was a bunch of back-and-forth. And the key length was first cut in half, from 128 bits to 64. But still that was felt by the governments to be too strong. So under, as I understand it, pressure from the British government, and we talked about this once a long time ago because I remember mentioning this bizarre fact, the last 10 bits of the key are always set to zero.
from here
-
Re:Windows SteadyState
From Steve Gibson and Leo Laporte:
Now, it's not quite as onerous in my experience as Jim's letter indicates because it does not
make an entire copy of your system partition and/or drive. Instead you set aside a block of
hard drive space. And using a feature, basically it's file system filtering, this is able to capture
any changes which are made to the system drive. And essentially it caches the changes. So, for
example, when any application, installer, literally anything you do, I mean, this thing is global.
You cannot turn it off without restarting Windows. So it's not something that just sort of easily
comes and goes. I mean, this is meant to be bulletproof.
And I discovered the hard way that it even protects the partition table, and that first track of
the drive which we were talking about recently could be prone to preboot kernel rootkits. I was
using something else that did deliberately change that first track, very much in a kernel rootkit
fashion. And that'll be the subject of an upcoming podcast because it involves performing whole
drive encryption. And it turns out that SteadyState uninstalled this thing, even though I had
SteadyState sort of in a mode where it was supposed to allow changes to be saved. So, I
mean...
-
Re:Which is why I use OpenDNS, or Google, or
208.67.222.222
208.67.220.220
Remember these numbers
I use GRC.com (Steve Gibson's) DNS Benchmark https://www.grc.com/dns/benchm.... Those DNS's are way too slow for me, in fact not even in the running. I use clearwire-dns.net as my DNS, a LAN on a wireless carrier; but the speed rocks.
I reran a benchmark for this reply to verify. In order it's Clearwire as DNS #1 and Charter (my ISP) as DNS #2. Google (8.8.8.8 - 8.8.4.4) falls after 4.2.2.1 - 4.2.2.6 (I don't know what to make of those DNS's, other than just not using them).
OpenDNS, again isn't even in the running.
-
Picking a DNS source
Try out the Gibson Research DNS benchmark that will ID the fastest DNS for you. Double check (google) that you're not picking a troublesome DNS provider (DNS redirectors, etc) https://www.grc.com/dns/benchm...
-
DNS Benchmark
This sounds like a very poorly-configured DNS server. There are other server issues as well. Some are slow. Others like to return their own special pages when you mistype a domain name. I've been using DNS Benchmark to determine the best set of DNS servers to use for a home network. It's a neat tool that provides a lot of information succinctly - be sure to read the walkthrough to understand what it's showing you.
-
Easy way to detect this kind of tampering
Just go here and check the signature of the certificate you are getting against the one listed there. If they don't match you know there's someone fucking around.
-
detecting MITM
https://www.grc.com/fingerprin... posts fingerprints for some common sites so you can compare them with what you get in your Web browser.
-
Re:SSL Interception
Relevant link: https://www.grc.com/fingerprin... This is one reason why companies are opposed to non-IE web browsers. Firefox has its own cert store for example.