Syllable Forums

https for forum
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Wed Mar 18, 2015 10:14 am

I just re-read this thread, and realized I made a misstatement relative to one of the points I was trying to make. A shell code could indeed have been executed on any connection, including even an HTTPS one - if done early enough in the handshake, and the network stack and/or apps were vulnerable. That's the misstatement. Specific browser exploits probably could not be done after a proper encryption had begun - because the injection would be junk unrelated to the proper content.

I'm seeing the same result with all kinds of network back ends, using different browsers and different operating systems. So - that leads me away from the idea of an early handshake shell code exploit.

The ciphers themselves are nice natural law based things. They're more likely to actually require brute force, and that leads me away from the idea that the data algorithms are broken (aside from the easily brute forced 40 bit stuff).

Some (a few) of the certs could have been revoked rather than forged, but there is really no very good way to check for that. I can use OCSP servers to check, but those may be subject to similar manipulations. Not being able to authenticate the original server infers to me that I may not be able to authenticate OCSP servers either. Could be, but I don't know. I have absolutely no faith in the internet here. Too many proxies and too much bad faith.

I consider it to be a forced plain text situation, really. The only other explanation would be a hardware exploit, black hat and mask style. That seems less plausible. I'm just a regular guy :)
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Wed Mar 18, 2015 10:30 am

* Break it between coffees * LOL - yeah that's funny. I don't remember that I was so amused when I was sitting there tho...

Earlier - I made mention of the 500+ keys (in the wild). That paper airplane design doesn't fly for some of the lesser sites I've visited. It could be like the tests that some teachers are known to give - where more often than not the answer is *all of the above*.
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Wed Mar 18, 2015 11:13 am

"The only other thing it could be..."

Those are famous last words, if there ever were any :)

I'm just doing a little brainstorming here, and not trying to waste forum space. One of the "left unsaid" other things is the root cert file. No matter where it comes from, how much do we trust this animal?
jaspras



Joined: 13 Sep 2007
Posts: 96
Location: Greece

Posted: Wed Mar 18, 2015 11:29 am

never trust the animal....
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Wed Mar 18, 2015 12:09 pm

[quote="jaspras"]never trust the animal....[/quote]

Yes - mistrust has slowly become a big part of my internet personality. Off the internet, I still trust my two hundred pound dogs (100# each). They're fat labradors, and they're animals :)
jaspras



Joined: 13 Sep 2007
Posts: 96
Location: Greece

Posted: Wed Mar 18, 2015 2:19 pm

I got a pointer ... I raised him from birth... I still don't trust that b*star*d .. :)
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Thu Mar 19, 2015 10:30 am

[quote="jaspras"]I got a pointer ... I raised him from birth... I still don't trust that b*star*d .. :)[/quote]

Hahahee - well, when your dogs' weights added together total 230 pounds (which is what - a little over a 100 kg?) - you HAVE TO trust them, or make sure they never get hungry :)
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Thu Mar 19, 2015 8:21 pm

Proxies are bad. Very, very bad. Proxies are in the best position to exploit your system, since your connections are made directly to them. Proxies don't need to worry about TCP sequences and whatnot. If you don't use https, you're toast, but if you do use it, they can always use forged certs to decrypt your sessions, insert exploits, and re-encrypt the whole mess for the trip back to you. Lather, rinse, repeat. Find a flaw and get lucky. Have a database of thousands of flaws built right into the proxy software. Wow, what a boondoggle - yippee! Here in the US we are completely buggered by proxies. Proxies, proxies, everywhere there are proxies.

Worldwide, I think it's a growing trend - but I think I need to move to where the proxies aren't growing like dandelions.
jaspras



Joined: 13 Sep 2007
Posts: 96
Location: Greece

Posted: Thu Mar 19, 2015 11:16 pm

Tor ?
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Fri Mar 20, 2015 9:35 am

[quote="jaspras"]Tor ?[/quote]

This will be my last post on this thread. It's way OT (other than Syllable is related to my attempts to define a more resilient platform).

I tried Tor. It doesn't work (at least for me). The problem with Tor is that your connection to the first Tor node MUST be successfully encrypted (and not decrypted by a proxy). If your first hop is compromised, it's over with. I looked at the connection to the first Tor node. It was using the DHE_RSA_AES256-GCM-SHA384 suite if I recall correctly. There were no other connections on my machine. Yet, stuff got injected into the target site's material. That tells me that a ginned up proxy-cert (that flew under the browser's radar) was used to decrypt the data on the last mile. But I'm still open to other ideas. You know it's not good to say it's over till it's over. BTW - It was a fresh install of the OS - and the first connection.

The overall environment here is getting to the point of ridiculous. The other day, I was making copies of my taxes at a local copier machine facility. As I was leaving, one of the clerks wanted to know why there was some (somewhat unique) feature on my returns. He was nowhere near the copier at any time. That's life in the US today.
Ronaldlees



Joined: 15 Oct 2014
Posts: 147

Posted: Fri Mar 20, 2015 9:40 am

Ok - the last post = was the second last post. A ginned up proxy-cert would not be used by itself to decrypt the data - it would be used to convince your browser that it is OK to have a "secure" connection with the proxy - so that the proxy would by default have the keys to decrypt the data. etc, etc.
All times are GMT - 6 Hours
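
The thread describes a proxy that presents its own certificate, which the browser accepts, so that the proxy holds the session keys. The sketch below is an added example, not something posted by a participant: it compares certificates seen on the local path with fingerprints recorded over a trusted path and flags the pattern such a proxy leaves behind. Host names, issuer names and the byte strings standing in for DER certificates are constructed, and the issuer name is assumed to have been extracted with an X.509 parser.

```python
import hashlib
from collections import Counter

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def classify(observed, reference, issuer_threshold=3):
    """observed: {host: (issuer, der_bytes)} as seen on the local path.
    reference: {host: (issuer, sha256_hex)} recorded over a trusted path.
    Returns {host: verdict}."""
    def changed(host, der):
        return host in reference and fingerprint(der) != reference[host][1]
    # An intercepting proxy re-signs every site with its own CA, so one new
    # issuer replacing the certificates of several unrelated hosts is the tell.
    new_issuers = Counter(iss for host, (iss, der) in observed.items()
                          if changed(host, der) and iss != reference[host][0])
    verdicts = {}
    for host, (iss, der) in observed.items():
        if host not in reference:
            verdicts[host] = "no-reference"
        elif not changed(host, der):
            verdicts[host] = "match"
        elif iss == reference[host][0]:
            verdicts[host] = "changed-same-issuer"  # may be a routine renewal
        elif new_issuers[iss] >= issuer_threshold:
            verdicts[host] = "likely-intercepted"
        else:
            verdicts[host] = "changed-new-issuer"
    return verdicts

# Constructed sample data: short byte strings stand in for DER certificates,
# and the host and issuer names are made up.
REFERENCE = {
    "mail.example": ("CA One", fingerprint(b"cert-mail")),
    "bank.example": ("CA Two", fingerprint(b"cert-bank")),
    "news.example": ("CA Three", fingerprint(b"cert-news")),
    "wiki.example": ("CA One", fingerprint(b"cert-wiki")),
    "blog.example": ("CA Two", fingerprint(b"cert-blog")),
}
OBSERVED = {
    "mail.example": ("Proxy CA", b"resigned-mail"),
    "bank.example": ("Proxy CA", b"resigned-bank"),
    "news.example": ("Proxy CA", b"resigned-news"),
    "wiki.example": ("CA One", b"cert-wiki"),
    "blog.example": ("CA Two", b"cert-blog-renewed"),
    "shop.example": ("CA Two", b"cert-shop"),
}

if __name__ == "__main__":
    for host, verdict in classify(OBSERVED, REFERENCE).items():
        print(f"{host:14} {verdict}")
```

The reference fingerprints only help if they were collected over a path that is not subject to the same interception, such as a different network or a fingerprint published by the site operator.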