topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:05 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Isn't it ironic?  (Read 6751 times)

longrun

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 155
    • View Profile
    • Donate to Member
Isn't it ironic?
« on: October 05, 2007, 11:13 PM »
Firewalls have been discussed elsewhere on DC; this is simply for your amusement.

wreckedcarzz

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 1,626
    • View Profile
    • Donate to Member
Re: Isn't it ironic?
« Reply #1 on: October 05, 2007, 11:58 PM »
 ;D

Thats different, definitely worth a laugh :)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Isn't it ironic?
« Reply #2 on: October 07, 2007, 03:51 AM »
BEAUTIFUL! :D

The security crowd really irks me as they really do little more than peddle fear and confusion. I love to see them trip over their own 'doom and gloom' sermons. Serves them right.

Not sure if anyone ever listens to the Security Now podcast, but there was a show a few episodes back (between 108~110 - forget which) where Steve is going on about his "secure" password page where you can generate "secure" passwords and that nobody can know them because the page is all "secure" through SSL, blah blah blah... From that page:

What makes these perfect and safe?
...
Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.

*Emphasis mine...

Screen shot courtesy of my favorite screen shot utility, Screenshot Captor:

Security-Experts-Are-Full-Of-Shit.pngIsn't it ironic?

The page is http://grc.com/password.htm.

Both IE and Firefox redirect to HTTPS, but Opera doesn't. Why? Well, the answer should be fairly obvious. IT'S A SECURITY HOLE!

The page IS NOT secure in Opera. Huh? WTF? Wait a second... Didn't the security expert just say, "this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection?"

So much of the security industry is just pure snake oil.

And besides, nobody needs 64 character passwords. That's just silly. The universe will die out before you can brute force anything near that.

Reminds me of an Ozzy song - Miracle Man. It's about when the TV evangelist Jimmy Swaggart got caught with a hooker.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Isn't it ironic?
« Reply #3 on: October 07, 2007, 06:37 AM »
The page IS NOT secure in Opera. 
Apparently, the man has no fault... On opera 9.5 build 9562, it is displayed over https, which means it probably was a problem with earlier versions of opera and not the page itself.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Isn't it ironic?
« Reply #4 on: October 07, 2007, 07:44 AM »
The page IS NOT secure in Opera. 
Apparently, the man has no fault... On opera 9.5 build 9562, it is displayed over https, which means it probably was a problem with earlier versions of opera and not the page itself.

I refuse to recant! ;)

The problem can't be in the browser. HTTPS is determined by the server. When a request comes in over HTTP, you can either accept it and continue, or refuse, or redirect. Just because a client asks for an HTTP/HTTPS page doesn't mean that it can necessarily get it. Those decisions are left to the web application.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Isn't it ironic?
« Reply #5 on: October 07, 2007, 05:13 PM »
Unfortunately, the problem seems to be in Opera as, for some reason, does not show the lock, but the certificate is active as this pic shows

Capture-5.pngIsn't it ironic?

Yeah, it's in Spanish, but you can see the certificate information below. This error also makes Opera tag the site as not secure.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Isn't it ironic?
« Reply #6 on: October 07, 2007, 08:05 PM »
Nope... There's definitely something funny going on there at GRC.

I used to be able to view the site at "http://grc.com" but it now redirects to "http://www.grc.com".

Note that in the screen shot I had it was the former there, and in yours, the latter (well, https but with WWW I mean). Now when I go to the page it properly redirects from HTTP and no subdomain to HTTPS and WWW.

I'm betting that it's been fixed. If you've ever followed anything from Steve, he seems to really dig down into his web logs. He may have noticed links from here and fixed it. Dunno. It's just too odd of a coincidence. I have another screen shot of it from Sept. 19th on a different machine (same behaviour on 3 different machines with Opera), so really can't see any other option than that it's been fixed.

Anyways... It would be interesting to actually know what exactly happened there.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Isn't it ironic?
« Reply #7 on: October 08, 2007, 02:08 PM »
Anyways... It would be interesting to actually know what exactly happened there.

He was attacked by script kiddies again! ;D

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Isn't it ironic?
« Reply #8 on: October 08, 2007, 04:50 PM »
Anyways... It would be interesting to actually know what exactly happened there.

He was attacked by script kiddies again! ;D

Script kiddies that fix security holes! :D

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker