Discussion Forums > Technology
Can ISPs see the full adress you put into the adress bar?
kitamesume:
for the most part, yes i don't know what im talking about. what i know is only at the tip of the ice berg, because, well im not into networking.
as for the decryptions, theres already a lot ways to do this.
decrypting ssl
spying on tor
so theoretically its impossible to be fully secure, at the most part you could just mask your line to evade prying eyes.
though now a days putting up a high-level encryption would attract more attention than going bare, what would you think about a regular salaryman renting an armored car and a few tanks just to transport something unknown? suspicious o.o
Pentium100:
--- Quote from: kitamesume on August 24, 2012, 08:27:54 AM ---for the most part, yes i don't know what im talking about. what i know is only at the tip of the ice berg, because, well im not into networking.
as for the decryptions, theres already a lot ways to do this.
decrypting ssl
--- End quote ---
Too bad you didn't link to a specific site about this. However, normally, to decrypt SSL, you either need the private key of the server (so you can decrypt the captured data), a valid certificate with the server's name on it (then you can do a MITM* attack) or a clueless user that ignores certificate warnings (then you can do a MiTM attack without a valid certificate).
* a MiTM attack is the attacker inserting himself between the client and the server, pretending to be the client (to the sever) and the server (to the client), so that the connection is not like this:
client <====encrypted====>server
but this:
client <====encrypted====>attacker<====encrypted====>server
with the attacker being able to read the plaintext data.
However, SSL was designed with this in mind, this is why it uses certificated to validate if the "server" is the actual server or someone pretending to be it.
--- Quote ---spying on tor
--- End quote ---
Yes, it is possible to figure out both endpoints and the data being sent on TOR, it requires a lot of work though and (IIRC) requires targeting a specific user ("What Pentium100 is doing?") instead of tracing back ("Who posted this comment insulting our glorious leader?").
--- Quote ---so theoretically its impossible to be fully secure, at the most part you could just mask your line to evade prying eyes.
though now a days putting up a high-level encryption would attract more attention than going bare, what would you think about a regular salaryman renting an armored car and a few tanks just to transport something unknown? suspicious o.o
--- End quote ---
Maybe I like driving an armored car, own one and use it all the time :).
SSL is widely used for banking and logging in to websites (even if they later drop back to unsecure HTTP). Also, Google allows you to use HTTPS with Gmail all the time (instead of just when you are sending the password).
As for "suspicious", a lot of things can be suspicious, someone said that not using Facebook (I do not have an account and do not intend to get one) is suspicious.
Also, it is possible to be fully secure - you just need to want it bad enough to implement one time pad encryption. That is unbreakable, even given infinite time, however, the downside is that you need to meet and give the key to the other party.
datora:
.
--- Quote from: Pentium100 on August 24, 2012, 06:53:34 PM ---As for "suspicious", a lot of things can be suspicious, someone said that not using Facebook (I do not have an account and do not intend to get one) is suspicious.
--- End quote ---
I had a job interview about six weeks ago in which I was asked what my Facebook account is, and would I Friend the interviewer so she could check my profile. When I told her I don't have a Facebook account there was this really awkward pause where she got this look in her eyes like she was trapped in a room with someone who was mentally unstable. I'm not expecting to hear back from that company.
Just what has happened to the world ..??! I mean, for teh sake of fuck. She wasn't trapped. ::)
But, yeah. Weird how a company like this is looking for a technology expert, then gets surprised (and scared) that said expert knows that the Internet is somewhat more than just Facebook, and has a rational grip on how to travel t3h Toobz with security protocols in place. They go on to hire some Tumbling Twit with a cool-looking Facebook profile, then can't figure out why they're getting hacked while said Twit is spending all day updating his social media accounts.
kitamesume:
then wouldn't the ISP be able to easily launch an MiTM attack? since they're practically [client <====encrypted====>ISP<====encrypted====>server]
wouldnt it be more secure to transfer the files physically then? lols, plus its more manageable within laws since its not the internet anymore *chuckles*.
ps: facebook needs to die, its like it has become the world's biggest ID database >,>
Freedom Kira:
--- Quote from: kitamesume on August 24, 2012, 08:19:07 PM ---then wouldn't the ISP be able to easily launch an MiTM attack? since they're practically [client <====encrypted====>ISP<====encrypted====>server]
--- End quote ---
No. The idea behind a MITM attack is that the MITM is impersonating the client and server by spoofing their security (identity) certificates, so that the attacker is having the client encrypt stuff with the attacker's key instead of the real server's key. Same situation on the server-attacker side.
An ISP is a MITM in a technical sense of the term, but does not act as an attacker because it is merely passing data back and forth between the client and server. It does not know either side's private keys and thus cannot decrypt any of the data passing back and forth.
Read a little bit into public key encryption and security certificates. Verisign is a good topic to read about too, since it is the trusted entity on the Internet that holds all registered security certificates and connects them with identities. If you visit a site via HTTPS and its security certificate is either unregistered or does not match the site it is claiming to be, all modern browsers will tell you.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version