
Mouse mouse at Rodents-Montreal.ORG
Sun Nov 22 16:25:47 CST 2015


> https is supposed to prevent "man in the middle" attacks, provided you enfor$

That was the original theory, as I understand it.

But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks.  I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a
cert to provide caching for HTTPS connections - they're that common.

Not surprising, really.  The CA hierarchy is both the most central
point and quite possibly the most commercialized and thus most venal
point, so it's natural that it would be the major point that's come
under attack by actors wishing to compromise the security HTTPS could
have offered.  (Some of them, probably, even have the best of
intentions....)

> Another option if you have people messing with your web access is
> Tor.

Or, of course, file bug reports with the provider in question and, if
they're honest enough to admit what they're doing, switch.  I know _I_
certainly wouldn't tolerate that sort of messing with my data stream.

For those unfortunate enough to have nobody affordable to switch to,
all I can suggest is ssh (or operational equivalent, such as a VPN) to
a hosted, possibly virtual, machine somewhere not behind such crippling
restrictions.  (Depending on such factors as the jurisdiction and your
dedication to the cause, a lawsuit might also be an option.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

