Auteur Sujet: The “S” added to the end of the “HTTP” means SECURE.  (Lu 3601 fois)

0 Membres et 1 Invité sur ce sujet

ka9yhd

  • Invité
The “S” added to the end of the “HTTP” means SECURE.
« le: 14 juillet 2013 à 14:25:12 »
Here is an interesting read.

"The Internet is a cooperative PUBLIC DATA NETWORK. Its data traffic flows around the globe freely, transported by an incredible variety of intermediate carriers. These carriers cooperate because they need each other equally: “I'll carry your traffic if you'll carry mine.” And the system works. But with all of this traffic zipping around all over the place, in full public view, how do we KNOW that we are really connected to our bank, our medical records database, or any other public or private website? Websites are (obviously) easy to create, so copying a popular website and redirecting traffic there would not be difficult. And, unfortunately, the world has no shortage of people who would like to do that.
The original un-secured HTTP web connections never attempted to authenticate or encrypt their connections. Users who knew enough to wonder and worry could only hope that they were actually interacting with the website they intended. And that was fine back when the Internet was just a curiosity. But the Internet has grown into a resource where people conduct business, place orders, exchange stock, refer to their medical histories, perform their banking, and everything else—very much as they do in the physical world. For the “cyber versions” of these activities to be feasible, users expect, need, and must have security and privacy"

https://www.grc.com/fingerprints.htm

Hors ligne mimas

  • Général du Roi
  • Membre Complet
  • ***
  • Messages: 114
  • Jamais content
    • G+
Re : The “S” added to the end of the “HTTP” means SECURE.
« Réponse #1 le: 14 juillet 2013 à 20:44:39 »
Very interesting. A few months ago, I read something about how to fingerprint browsers with installed plugins, fonts and other informations provided by browser when surfing a website. It is amazing to see how an ocean of users can be reduced in small buckets and how anonymity can be mostly erased. I think it was on this website.

> Web browsers trust the identity assertion made by a remote web site when that site presents a certification of its identity that has been signed by a higher authority that the browser already trusts.

This happened in Tunisia, and probably other countries too,  when Microsoft helped the government to forge false certificates for man-in-the-middle attacks.

https://news.ycombinator.com/item?id=2138565

Firefox extension "HTTPS everywhere" has a SSL Observatory for detecting certificates problems.

https://www.eff.org/deeplinks/2012/02/https-everywhere-decentralized-ssl-observatory



« Modifié: 14 juillet 2013 à 21:22:54 par mimas »
When any government, or any church for that matter, undertakes to say to its subjects, "This you may not read, this you must not see, this you are forbidden to know," the end result is tyranny and oppression, no matter how holy the motives.