You don't send the finger print to the other person. You get them to speak to each other, and confirm that way. Regardez:
You connect to me, I supply my public key, you accept, create tunnel with it. (And vice versa.)
Now, your client displays the fingerprint of the public key you received from me, and my client displays the fingerprint of the public key I sent.
I ask you what the fingerprint is (via voice), and you tell me. It should match. Of course, if the MITM could synthesise your voice, and replace your spoken fingerprint with the fingerprint of the substituted one, it wouldn't work. But I think it's OK.
Repeat for the public key you sent me.
No, because the local client prints on the screen the fingerprint of the public key that was sent, and unless the remote talker says that is the public key they received, they hang up, unplug their computers, and drive to the Ukraine.
Isnt there some sort of law against this kind of stuff?
Darwin's Law. You'll probably not install anything Yahoo! offers every again, will you? So they're effectively killing their market off with tactics like that.
The way I've seen is let the clients generate and send a public cert, and accept, and then get the users to ask each other what the fingerprint of the key is they are using. If it matches, good. If not, man in the middle.
I never click on files on my Desktop, but the other behaviour sounds right. Do you know what the cause is, or the solution, or if it's in the FF bugs DB?
A question, which is off topic, but not entirely:
Does anyone else have the problem that occurs sometimes when everything you type into the browser, every single character goes into the form, but it also pops up the "search" functionality and puts the character in there. It also loses focus, so you have to reclick back into the form field, and type the next character.
I have no idea what causes it, but I have to close my browser, and restart it.
If you don't know what I'm talking about you don't have it.
I'm not trying to troll here, but I think this picture says a lot : Only In America.
I'm not agreeing, or disagreeing with your stuff above that, but my gym, in the south of the UK has an escalator. I use it too. And then do 90 minutes on the crosstrainer. I'd rather do my workout in a concerted burst where I can really go for it.
American employee: Hello Boss, I can't come into work today. I'm seriously sick.
American employer: Oh, how sick?
American employee: Well, I'm in bed with my sister.
If you're running Gentoo stable, then you're safe: you've got Xorg 6.8.2, which is not vulnerable.
No. If you're running Gentoo stable, and you ritually update your system every night, you've got 6.8.2.
Some of us only update packages when security alerts are discovered, or when we need new functionality in a package.
Spoofed packets were the idea behind an anonymous P2P network I envisaged, and designed a few years ago. udpp2p.sf.net, if you're interested. Man, that was ropey code. (I didn't write any of it, by the way!)
Is there a website that rates countries by civil rights? It would be interesting to know what country was number 1, and where the US, UK, France, Germany, etc came.
No, it's not the same behaviour as Microsoft uses. Microsoft are a monopoly with billions behind them.
Anyway, my thought was, wouldn't it be better to just include all the common code in you page that crashes IE? If suddenly, IE started crashing on lots of sites, that might upset the users enough.
Mind you, I have a friend (who used to be a Unix admin), and when I advised his girlfriend to use Firefox, he said, No, no point. Not sure what the motto is there.
Cue all the technophobic Americans moaning that they just want a mobile phone to make voice calls with.
The US is really quite a few years behind the curve in public adoption of mobile technology. Geography, pricing, whatever the reason is, but it's a fact.
All those kisses at the bottom - that's a nice touch. Seems like quite a close and intimate company to me - not like the evil mega-corp people portray it to be...
Slashdot Mirror
Sorry, I didn't notice the IM part in your post - I've just re-read it, and yes, it does say from an IM perspective.
I agree, normally key verification has to talk place outside the main communication band normally otherwise MITM can occur.
PS. I've quoted you on my website.
You don't send the finger print to the other person. You get them to speak to each other, and confirm that way. Regardez:
You connect to me, I supply my public key, you accept, create tunnel with it. (And vice versa.)
Now, your client displays the fingerprint of the public key you received from me, and my client displays the fingerprint of the public key I sent.
I ask you what the fingerprint is (via voice), and you tell me. It should match. Of course, if the MITM could synthesise your voice, and replace your spoken fingerprint with the fingerprint of the substituted one, it wouldn't work. But I think it's OK.
Repeat for the public key you sent me.
No, because the local client prints on the screen the fingerprint of the public key that was sent, and unless the remote talker says that is the public key they received, they hang up, unplug their computers, and drive to the Ukraine.
Hurrah! We can be 64 bit buddies now. Let's get a VPN up between them, so they can talk.
Darwin's Law. You'll probably not install anything Yahoo! offers every again, will you? So they're effectively killing their market off with tactics like that.
The way I've seen is let the clients generate and send a public cert, and accept, and then get the users to ask each other what the fingerprint of the key is they are using. If it matches, good. If not, man in the middle.
I never click on files on my Desktop, but the other behaviour sounds right. Do you know what the cause is, or the solution, or if it's in the FF bugs DB?
A question, which is off topic, but not entirely:
Does anyone else have the problem that occurs sometimes when everything you type into the browser, every single character goes into the form, but it also pops up the "search" functionality and puts the character in there. It also loses focus, so you have to reclick back into the form field, and type the next character.
I have no idea what causes it, but I have to close my browser, and restart it.
If you don't know what I'm talking about you don't have it.
I'm not agreeing, or disagreeing with your stuff above that, but my gym, in the south of the UK has an escalator. I use it too. And then do 90 minutes on the crosstrainer. I'd rather do my workout in a concerted burst where I can really go for it.
Well, maybe they're not named "bank holidays", but we miss out on days off work. As shown here.
American employee: Hello Boss, I can't come into work today. I'm seriously sick.
American employer: Oh, how sick?
American employee: Well, I'm in bed with my sister.
No. If you're running Gentoo stable, and you ritually update your system every night, you've got 6.8.2.
Some of us only update packages when security alerts are discovered, or when we need new functionality in a package.
Are you serious, or insane?
But your ISP may cut off your access if they run something to detect spoofed packets.
Spoofed packets were the idea behind an anonymous P2P network I envisaged, and designed a few years ago. udpp2p.sf.net, if you're interested. Man, that was ropey code. (I didn't write any of it, by the way!)
Is there a website that rates countries by civil rights? It would be interesting to know what country was number 1, and where the US, UK, France, Germany, etc came.
Is she? I never knew.
Not me. Ctrl T, click "Home", and type/paste the query into Google direct. I hate that little box. It's way too small.
No, it's not the same behaviour as Microsoft uses. Microsoft are a monopoly with billions behind them.
Anyway, my thought was, wouldn't it be better to just include all the common code in you page that crashes IE? If suddenly, IE started crashing on lots of sites, that might upset the users enough.
Mind you, I have a friend (who used to be a Unix admin), and when I advised his girlfriend to use Firefox, he said, No, no point. Not sure what the motto is there.
Cue all the technophobic Americans moaning that they just want a mobile phone to make voice calls with.
The US is really quite a few years behind the curve in public adoption of mobile technology. Geography, pricing, whatever the reason is, but it's a fact.
Wouldn't resources be better spent in trying to prevent this occurring, and not simply mopping up afterwards?
All those kisses at the bottom - that's a nice touch. Seems like quite a close and intimate company to me - not like the evil mega-corp people portray it to be...