Domain: teamfurry.com
Stories and comments across the archive that link to teamfurry.com.
Comments · 7
-
Re:!secure
SSL has certification authorities. Needless to say, initiating an encrypted connection via tor with a site that is not certified is at least as careless as not using SSL at all.
Because CA signing has never been compromised ?
IE, Chrome, Safari duped by bogus PayPal SSL cert
MD5 Weakness Allows Fake SSL Certificates To Be Created
Or because no one ever gets suckered by a proxy just stripping out the SSL altogether ?
Man-in-the-middle attack sidesteps SSL
And no one has ever been tricked into clicking "OK" when a MITM attack passes on its own cert ?
TOR exit-node doing MITM attacks
Now I know you (and the guy who modded me "overrated") probably take all possible precautions but they only need to catch you or some less careful type off guard once. I don't know why anyone would route a secure connection through an untrusted node on purpose. Sounds like asking for trouble to me.
-
Re:Hm, that and DNSsec sucks ass
DNSSEC is not an https replacement, nor a replacement for ssl keys. Many services that require DNS resolution (and that the resolution be good,) do not happen over https or ssh (it often comes as a surprise to some people that the internet is not the web, but ping or smtp are two prominent examples that often use DNS; calling http trivial doesn't actually make it so, and http is vulnerable still.) That https/ssl can secure the communication between you and a webserver is not of much use if the cert has been faked -- see http://www.teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks/ if you're curious as to how this can be taken advantage of (and even if you're a paranoid nut using Tor, how often are you checking that SSL certs are good?)
-
Re:Head in the clouds
Security Questions? Just another password. Except a security question allows another level of difficulty by various questions that it may ask. Never actually tell a website what your pet dog's name was. IP Address? Use TOR. Google does not need to know your actual IP address of where you are to deliver you service.
I'd rather have Google knowing my IP address than the man-in-the-middle exit nodes knowing my username and password. Ah well, in utopia we'd have both using EKE... and IPsec everywhere. -
Re:Solution???
-
Re:Solution???
-
Worm / hacker / cracker
Actually, the entire virus / worm / trojan definition is pretty muddled.
AFAIK, Worm meant it propagated by the Internet. Trojan horse was something that was an undesirable feature in a software package and did not propagate on it's own. Virus attacked itself to different software packages by itself, unlike a trojan horse, and it relied on piracy to spread. And since the sneaker net was way more prevelent than the Internet, making the virus the most common in early computing, virus came to refer to all 3.
Self-emailing malware share more features with worms than trojans, so they're more often classified as worms, although there is a move to reclassify them as trojans.
All anti-virus programs detect and fix it, and there are also stand alone fixes avalible. Clicky The problem is all the unpatched boxes. -
Removal Tool