You are just an imbecile who can't even spell Ad Hominem, let alone remember that an attack against the person does not form a sound argument.
They don't even need to check the CA chain of trust
Then they are not implementing SSL Certificate validation. They are implementing a custom validation scheme.
IF they are implementing a custom validation scheme, they may as well implement one that is as SIMPLE as possible, and as SPECIFIC to their application as possible, so it is least likely to be vulnerable to unexpected attacks.
They can control the CA that is trusted.
This is complicated, and likely to result in security errors. There is also the problem that even the "trusted" CA can be compromised. From a security perspective, this is much riskier than just hard coding a single public key.
What if the private key becomes compromised and needs to be rotated?
What If. What if.... You dolt. It's just the same as if a CA key becomes compromised. Publish a security update to the app.
They can implement a backup pin.
AGAIN... with you. More keys that can be attacked, compromised, or guessed. I thought you were trying to PREVENT a covert MITM, not to facilitate one.
What if an attacker steals the key and starts using it to intercept traffic, and the app has no way to check for revocation?
There is an easy way to check revokation --- client or server-side version checks warning the user that their version is out of date and there are security issues.
Seriously, you are - much like un-validated encryption - worse than useless.
Unvalidated encryption is good enough to stop the NSA and 99% of eavesdrop attackers who will be stopped by Validated encryption.
You post like you know what you're talking about, and yet obviously do not.
Unless you're Apple; you don't control what CAs are trusted by default in Safari,
or on the iPhone.
Your best bet is still to shut off validation altogether, don't bother with a valid SSL certificate,
and do store a hard-coded public key in your app, instead.
I may not notice right away, but SOMEONE is going to notice that the thumbprint, issuing CA, etc for a prolific website all just changed.
People are going to notice this regardless of whether or not you do CA-based certificate validation or not, so it is not a factor.
2) Once such an attack is noticed, it is pretty easy to eliminate the threat: You untrust the CA.
*Cough* Nonsense. What happened to Comodo? After they were compromised 3 times and issued numerous false certificates?
NOTHING. Zip. Nada. None of the browsers untrusted them.
Neither did any of the browsers untrust any of the other CAs that had issued and still have issued phony certs as a result of security compromise.
4) Its hard to pull off. Not many attackers are going to have access to a trusted CA's signing certs.
It is the MITM bit that is hard to pull off. It's relatively easy for attackers to get a fraudulently issued certificate issued, or to get one of thousands of CA's signing keys compromised ----- but in general the attacker can just ask for one, and authenticity verification when issuing a certificate happens to be a weak point.
Is Email encrypted? NO Then why is an e-mailed link being used to validate authorization to issue a cert?
when people think nothing of connecting to public wi-fi networks, MITM protection is critical.
When people visit websites, they are often typing in example.com, not https://example.com
If you think MITM is the issue; the CA system doesn't help in this scenario, as the MITM is likely to negate the redirect to SSL in the first place, and to just keep the user in plain http.
This is about as dumb of an argument against SSL as I can imagine.
I'm not arguing against SSL. I'm arguing against CA Validation which was just
A hand wave bolted onto SSL at the very end, in vain attempt to provide authenticitiy.
you're under some kind of deadline pressure and you can't connect to them, don't turn off SSL validation.
OR: Always turn off SSL validation, because it's totally worthless.
The problem is CAs get suberted all the time into issuing certs they shouldn't issue.
In general, the validation provided by a certificate doesn't work, and many developers and security professionals alike
mistake the theoretical security benefits of validation, from the fact in reality.
What a sad state of affairs. The CA-signed certificate, far from being the key to browsing security, is the Maginot Line that preserves the masses in a state of blissful ignorance.
It works perfectly against the attacks conceived and theorised as the dramatic threat to mankind, commerce and the Internet, a decade ago. Problem is, the attackers bypassed it, with as much disdain as any invading army against the last war's dug-in defence.
Problem is, the security model had unreasonable expectations. Problem is, the users didn't subscribe to their part of the protocol. (To be fair, it's hard to communicate to users that they are even expected to be part of anything.)
Problem is, the browser manufacturers that were sold on the need for the certs also got sold on the convenience of click and launch. So, they turned around and sold the security model down the river faster than one can say "check the URL..."
The frequency of a true MITM - one defined above where someone has the ability to control an intermediate node at low level and take central position - is so low as to be difficult to measure. Using risk analysis, there is no economically viable support for mandating protection, so the deployment of a cert should be optional if there is any cost involved.
What about the spoof? In total contrast to the MITM, spoofs are common. As common as dirt, and as equally unclean.
E-commerce sites with real value for thieving suffer spoofing attacks
Does the Cert stop the Spoof? Nope. Well, of course not - not as described above. Obviously the user is at fault for entering - clicking - the wrong address, and not checking.......
so eventually someone will go through and ask, "What was that $70K for?"
It would just be listed as "Legal expenses / Lawyer fees / Settlement costs".
The financial statements of the public school districts may be open for public inspection, but, of course the sensitive details of individual transactions are not.
$7.25 per hour tax, TIMES the number of workers replaced for the operation of any mechanical robotic automaton, machine,
or system of automatons and machines in the retail / distribution, manufacturing, sales, food service, freight, or delivery industries
performing any kind of work that would traditionally be done by a human worker.
Whenever the minimum wage is increased; the tax is to be increased to 70% of the minimum wage.
Up to 15% of the tax can be deducted by the cost of payments for actual replacement parts, repair,
and electricity required to operate the automaton.
For any turnkey 'intelligent' automaton or system of automatons that completely conducts a job ordinarily requiring a number of secretaries, lawyerers, scientists, engineers, technicians, or medical professionals, the tax is increased 300% times number of workers for any labor or clerical work, and by 2000% for any professional work completely executed by the machine.
All fees to be awarded by the state to professionals qualified to work in those roles, who will agree to receive a portion of the tax as a "state paid salary" in lieu of work --- and in exchange, making themselves available to perform any services required by the government if called upon in the future.
You could always offer more to process your transaction. I suspect they also haven't modified the minimum transaction fee because the price is still pretty high
Yeah.... and I could always configure my bitcoind to treat transactions with a fee less than 0.005 as non-standard and not propagate them (which I do)
But my point is it's kind of silly for the network default minimum to "track exchange value" changes, if the minimum doesn't go back up, when the price movement on the exchanges sees a reversal.
Er, what? The fee went from 0.0005 BTC to 0.0001 BTC because the VALUE of the BTC went UP.
No..... someone was apparently allowed to hastily make changes to decrease the minimum transaction fee in the client, because of some perceived increase in value on 3rd party exchanges that ultimately ended up being insolvent.
Since the price has gone back down, and BTC is now perceived to be worth even less than half as much on current exchanges as during that temporary runup ---- how come the minimum transaction fee wasn't restored to its original place, huh?
Anyone passing by your house or living near you could crack your wifi and do whatever they want. There is also the possibility that your computer becomes a part of someone's botnet, where they can control it from anywhere in the world.
This is what you get for storing your car outside the garage, with no locks on the doors, and the key in the ignition.
Yes, people have speculated in the past that bitcoin might be susceptible to botnets. Even if was true the vulnerability window has well and truly closed.
Don't be too sure.... a large botnet could potentially do some nasty things to the availability of the network ---- particularly, a Botnet with control of sufficient number of Bitcoins to generate an overwhelming volume of transaction spam, so legitimate transactions can't get through --- by using transactions of the minimum size, Or more traditional DDoS techniques such as packet storming the IP addresses of key nodes in the Bitcoin network.
See it's like someone identifying your car in a crime. Doesn't prove you ere driving.
They didn't identify your car in the crime --- they identified a car that had your license plate on it.
Someone else with a nearby/similar vehicle may have been "borrowing" your plate (with or without permission)
Well, sure. But if it were the kind of exchange you were talking about, then they wouldn't have any user funds on hand to freeze.
No.... because the major exchanges are essentially acting as an "escrow" agents as well. Settlement of the trade is "immediate" in that you have to deposit funds to be traded, before you can complete the trade.
Otherwise; there would be all sorts of abuses, like the seller side of the trade failing to deliver on the trade they agreed to -- when the market shifted into their favor; resulting in broken trades.
Instead: the person paying Fiat for cryptocurrency has to have a Fiat balance with the exchange, first. The person paying Cryptocurrency for Fiat has to have a Cryptocurrency balance with the exchange, first.
Any organization that attempts to provide exchange services between 'hard' currencies and an inflating virtual currency is doomed to insolvency in terms of the hard currency.
No... that's totally false. A proper exchange always profits from every transaction, once they have build their business.
The exchange isn't a party to a trade. When two traders enter an order, and the seller's ASK is met (after adding half the exchange fee [spread] to the asking price) by a buyer's BID (after subtracting half the exchange fee [spread] from the buyer's bidding price), then a trade occurs, and the exchange pockets their fee from both sides of the trade.
An exchange might do some market making, where the exchange itself occassionally uses collected fees to act as a buyer or seller, for the purpose of facilitating liquidity on the exchange, BUT it is unnecesary that the Exchange itself take on any market risk regarding the direction that BTC/USD moves in.
Vicurex is tiny. They only did US$30,822 of business
Indeed they are... Why the heck is this even news?
Is it news because the final Goxing finally came, and Slashdot editors have an agenda to keep bringing up articles on the smallest negative event happening to anyone somehow related to Bitcoin?
Or is it news, in order to provide the Vircurex with free desperately needed advertising, or what?
depositors in some of Yancheng City's largest farmers' co-operative mutual fund societies ("banks") have been unable to withdraw "hundreds of millions" in deposits in the last few weeks. "Everyone wants to borrow and no one wants to save," warned one 'salesperson', "and loan repayments are difficult to recover." There is "no money" and the doors are locked.
Nothing. I just happen to know that Cloudflare run a freemium proxy-based CDN service.
There are of course other proxy-based CDNs they could use, where their site would share IP addresses
with hundreds or thousands of other major websites such as CNN, Disney, etc.
And now, if Twitter wants to, it can make Turkey play whack-a-mole by moving IPs every time one gets blocked...
Perhaps someone can persuade Twitter to get a cloudflare account, and use GeoDNS to send Turkey users to some IP addresses shared by a large number of legitimate websites, in order to maximize the amount of collateral damage Turkey will inflict if it keeps attempting to ban Twitter by blocking IP addresses.
Slashdot might be removing comments. Or at least replacing threaded discussions with
flat 255-character one-liner responses, with no HTML markup features.
You are just an imbecile who can't even spell Ad Hominem, let alone remember that an attack against the person does not form a sound argument.
They don't even need to check the CA chain of trust
Then they are not implementing SSL Certificate validation. They are implementing a custom validation scheme. IF they are implementing a custom validation scheme, they may as well implement one that is as SIMPLE as possible, and as SPECIFIC to their application as possible, so it is least likely to be vulnerable to unexpected attacks.
They can control the CA that is trusted.
This is complicated, and likely to result in security errors. There is also the problem that even the "trusted" CA can be compromised. From a security perspective, this is much riskier than just hard coding a single public key.
What if the private key becomes compromised and needs to be rotated?
What If. What if.... You dolt. It's just the same as if a CA key becomes compromised. Publish a security update to the app.
They can implement a backup pin.
AGAIN... with you. More keys that can be attacked, compromised, or guessed. I thought you were trying to PREVENT a covert MITM, not to facilitate one.
What if an attacker steals the key and starts using it to intercept traffic, and the app has no way to check for revocation?
There is an easy way to check revokation --- client or server-side version checks warning the user that their version is out of date and there are security issues.
Seriously, you are - much like un-validated encryption - worse than useless.
Unvalidated encryption is good enough to stop the NSA and 99% of eavesdrop attackers who will be stopped by Validated encryption.
You post like you know what you're talking about, and yet obviously do not.
Well, actually, You: cbhacking do.
If you control both sides, use your own CA.
Unless you're Apple; you don't control what CAs are trusted by default in Safari, or on the iPhone.
Your best bet is still to shut off validation altogether, don't bother with a valid SSL certificate, and do store a hard-coded public key in your app, instead.
I may not notice right away, but SOMEONE is going to notice that the thumbprint, issuing CA, etc for a prolific website all just changed.
People are going to notice this regardless of whether or not you do CA-based certificate validation or not, so it is not a factor.
2) Once such an attack is noticed, it is pretty easy to eliminate the threat: You untrust the CA.
*Cough* Nonsense. What happened to Comodo? After they were compromised 3 times and issued numerous false certificates?
NOTHING. Zip. Nada. None of the browsers untrusted them.
Neither did any of the browsers untrust any of the other CAs that had issued and still have issued phony certs as a result of security compromise.
4) Its hard to pull off. Not many attackers are going to have access to a trusted CA's signing certs.
It is the MITM bit that is hard to pull off. It's relatively easy for attackers to get a fraudulently issued certificate issued, or to get one of thousands of CA's signing keys compromised ----- but in general the attacker can just ask for one, and authenticity verification when issuing a certificate happens to be a weak point.
Is Email encrypted? NO Then why is an e-mailed link being used to validate authorization to issue a cert?
when people think nothing of connecting to public wi-fi networks, MITM protection is critical.
When people visit websites, they are often typing in example.com, not https://example.com
If you think MITM is the issue; the CA system doesn't help in this scenario, as the MITM is likely to negate the redirect to SSL in the first place, and to just keep the user in plain http.
This is about as dumb of an argument against SSL as I can imagine.
I'm not arguing against SSL. I'm arguing against CA Validation which was just A hand wave bolted onto SSL at the very end, in vain attempt to provide authenticitiy.
you're under some kind of deadline pressure and you can't connect to them, don't turn off SSL validation.
OR: Always turn off SSL validation, because it's totally worthless.
The problem is CAs get suberted all the time into issuing certs they shouldn't issue.
In general, the validation provided by a certificate doesn't work, and many developers and security professionals alike mistake the theoretical security benefits of validation, from the fact in reality.
SSL Certs = Maginot Line
so eventually someone will go through and ask, "What was that $70K for?"
It would just be listed as "Legal expenses / Lawyer fees / Settlement costs".
The financial statements of the public school districts may be open for public inspection, but, of course the sensitive details of individual transactions are not.
These stats might be really telling us that lots of cars have cell phones in them.
Not just Agreed.... that is probably exactly what the stats are telling us ---- And not, how dangerous (or benign) cell phones are.
Imagine how many accidents there are where the vehicle radio or air conditioning is turned on!
Just because two things are happening at the same time, doesn't mean they are related.
Is this one going to be void too; or did the school forget to add the confidentiality clause, for some reason?
For any particular crime, you can with in reason pin point it to the exact planet on which the criminal is on.
<Alien2> Ah crap.... they're on to us? We thought the dark side of the moon would be a safe place to conduct all our shady dealings.
* <Alien3> scrambles to wipe disk drives of evidence of Stuxnet1, Stuxnet2, and Stuxnet3 creation.
$7.25 per hour tax, TIMES the number of workers replaced for the operation of any mechanical robotic automaton, machine, or system of automatons and machines in the retail / distribution, manufacturing, sales, food service, freight, or delivery industries performing any kind of work that would traditionally be done by a human worker.
Whenever the minimum wage is increased; the tax is to be increased to 70% of the minimum wage. Up to 15% of the tax can be deducted by the cost of payments for actual replacement parts, repair, and electricity required to operate the automaton.
For any turnkey 'intelligent' automaton or system of automatons that completely conducts a job ordinarily requiring a number of secretaries, lawyerers, scientists, engineers, technicians, or medical professionals, the tax is increased 300% times number of workers for any labor or clerical work, and by 2000% for any professional work completely executed by the machine.
All fees to be awarded by the state to professionals qualified to work in those roles, who will agree to receive a portion of the tax as a "state paid salary" in lieu of work --- and in exchange, making themselves available to perform any services required by the government if called upon in the future.
It's end of life anyway... Microsoft should be happy to publish all that code too, right?
We're talking about a version of DOS where the only text editor is edlin, and this is before we start dealing with Dou-- er, DriveSpace.
OK... How about DOS 5.0? I started with that. No doublespace or drivespace there.
You could always offer more to process your transaction. I suspect they also haven't modified the minimum transaction fee because the price is still pretty high
Yeah.... and I could always configure my bitcoind to treat transactions with a fee less than 0.005 as non-standard and not propagate them (which I do)
But my point is it's kind of silly for the network default minimum to "track exchange value" changes, if the minimum doesn't go back up, when the price movement on the exchanges sees a reversal.
Er, what? The fee went from 0.0005 BTC to 0.0001 BTC because the VALUE of the BTC went UP.
No..... someone was apparently allowed to hastily make changes to decrease the minimum transaction fee in the client, because of some perceived increase in value on 3rd party exchanges that ultimately ended up being insolvent.
Since the price has gone back down, and BTC is now perceived to be worth even less than half as much on current exchanges as during that temporary runup ---- how come the minimum transaction fee wasn't restored to its original place, huh?
Anyone passing by your house or living near you could crack your wifi and do whatever they want. There is also the possibility that your computer becomes a part of someone's botnet, where they can control it from anywhere in the world.
This is what you get for storing your car outside the garage, with no locks on the doors, and the key in the ignition.
Yes, people have speculated in the past that bitcoin might be susceptible to botnets. Even if was true the vulnerability window has well and truly closed.
Don't be too sure.... a large botnet could potentially do some nasty things to the availability of the network ---- particularly, a Botnet with control of sufficient number of Bitcoins to generate an overwhelming volume of transaction spam, so legitimate transactions can't get through --- by using transactions of the minimum size, Or more traditional DDoS techniques such as packet storming the IP addresses of key nodes in the Bitcoin network.
See it's like someone identifying your car in a crime. Doesn't prove you ere driving.
They didn't identify your car in the crime --- they identified a car that had your license plate on it. Someone else with a nearby/similar vehicle may have been "borrowing" your plate (with or without permission)
Well, sure. But if it were the kind of exchange you were talking about, then they wouldn't have any user funds on hand to freeze.
No.... because the major exchanges are essentially acting as an "escrow" agents as well. Settlement of the trade is "immediate" in that you have to deposit funds to be traded, before you can complete the trade.
Otherwise; there would be all sorts of abuses, like the seller side of the trade failing to deliver on the trade they agreed to -- when the market shifted into their favor; resulting in broken trades.
Instead: the person paying Fiat for cryptocurrency has to have a Fiat balance with the exchange, first. The person paying Cryptocurrency for Fiat has to have a Cryptocurrency balance with the exchange, first.
Any organization that attempts to provide exchange services between 'hard' currencies and an inflating virtual currency is doomed to insolvency in terms of the hard currency.
No... that's totally false. A proper exchange always profits from every transaction, once they have build their business.
The exchange isn't a party to a trade. When two traders enter an order, and the seller's ASK is met (after adding half the exchange fee [spread] to the asking price) by a buyer's BID (after subtracting half the exchange fee [spread] from the buyer's bidding price), then a trade occurs, and the exchange pockets their fee from both sides of the trade.
An exchange might do some market making, where the exchange itself occassionally uses collected fees to act as a buyer or seller, for the purpose of facilitating liquidity on the exchange, BUT it is unnecesary that the Exchange itself take on any market risk regarding the direction that BTC/USD moves in.
Vicurex is tiny. They only did US$30,822 of business
Indeed they are... Why the heck is this even news?
Is it news because the final Goxing finally came, and Slashdot editors have an agenda to keep bringing up articles on the smallest negative event happening to anyone somehow related to Bitcoin?
Or is it news, in order to provide the Vircurex with free desperately needed advertising, or what?
Except in China... it's not just BTC exchanges... banking not so safe; it's normal banks defaulting on their loans, too.
How much the cloudflare folks are paying you ??
Nothing. I just happen to know that Cloudflare run a freemium proxy-based CDN service. There are of course other proxy-based CDNs they could use, where their site would share IP addresses with hundreds or thousands of other major websites such as CNN, Disney, etc.
And now, if Twitter wants to, it can make Turkey play whack-a-mole by moving IPs every time one gets blocked...
Perhaps someone can persuade Twitter to get a cloudflare account, and use GeoDNS to send Turkey users to some IP addresses shared by a large number of legitimate websites, in order to maximize the amount of collateral damage Turkey will inflict if it keeps attempting to ban Twitter by blocking IP addresses.
Slashdot might be removing comments. Or at least replacing threaded discussions with flat 255-character one-liner responses, with no HTML markup features.