
The internet hijacked


tinjaw:
Mr. Hat..err... Gothi[c],

One reason you don't see as many (https) encrypted websites on the web as you should is because of a limitation in the https protocol: only one https domain name per ip address is possible.
-Gothi[c]
--- End quote ---

Just using my intuition, I wouldn't guess that as one of the reasons. What are you basing your statement on? Strictly going on personal experience, I don't think there is a lack of use of SSL. I don't always pay attention, but just about any website I use that requires the transfer of data of a personal nature uses an SSL connection. (Don't forget that the page with the form may be served up w/o SSL and the page you see after submission may be served up w/o SSL, but the form's data can still be sent via https.)

The number one problem, IMNHO (In My Never Humble Opinion) is that geeks rule the internet. They build stuff that makes sense to them, not "normal" people. The #1 problem is that geeks expect other geeks to "comply" and "understand" the technical issues and so build things that way. Let's continue on the example of HTTPS. Geeks may understand why warning boxes pop-up and warn about SSL certs and hostnames not matching ip addresses and domains having expired and crap like that. But what does the average user do? They exclaim, "WTF is this?" and then click through the error box and go to the page anyways. Why? Because they have done it before and the world didn't end. Why did they do it before? Because some sysadmin goofed up in the past and the cert was invalid for 24 hours on some site the user trusted. When the user went to that site during that 24 hour period they saw the warning box, didn't understand the technical details, clicked through, and all was well.

I don't know what the solutions to such problems are, but I doubt they are purely technical.
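
The parenthetical in the post above (a form page served without SSL whose data is still sent via https) can be checked mechanically. The following is an added example, not part of the thread: it extracts every form from a page and classifies the page/submission scheme pair. The names `FormCollector`, `classify_forms` and `VERDICTS` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (page scheme, submission scheme) -> finding
VERDICTS = {
    ("https", "https"): "page and submission both over https",
    ("http", "https"): "https submission from a page delivered without https",
    ("https", "http"): "https page submits in cleartext",
    ("http", "http"): "page and submission both in cleartext",
}


class FormCollector(HTMLParser):
    """Collect each <form>'s action and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms, self.in_form = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
            self.in_form = True
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def classify_forms(page_url, html):
    """Return one (resolved_action, verdict, has_password) tuple per form."""
    collector = FormCollector()
    collector.feed(html)
    page_scheme = urlsplit(page_url).scheme.lower()
    results = []
    for form in collector.forms:
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        key = (page_scheme, urlsplit(target).scheme.lower())
        results.append((target, VERDICTS.get(key, "non-http scheme"), form["password"]))
    return results


# Constructed sample (not from the thread): two forms on a page fetched over http.
SAMPLE_URL = "http://shop.example/login"
SAMPLE_HTML = """<form action="https://shop.example/session" method="post">
<input name="user"><input type="password" name="pw"></form>
<form action="/search"><input name="q"></form>"""
```

The second verdict is worth listing in an audit even though the submission is encrypted: a page delivered over plain HTTP has no integrity protection, so the `action` the browser receives is only as trustworthy as the network path that delivered it.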

Gothi[c]:
Most of the major sites and sites that absolutely need https will of course have it.
It's your average joe cpanel user that runs into the issues like you stated.
I was merely using it as an example, not stating it is 'the' reason.
I find it a perfect example showing how many of the protocols we use are inherently flawed, or perhaps, more correctly, used these days as they were never intended to be used. It's as if the entire internet is hack built upon hack built upon hack, just to make things work.

Rebuilding the entire lot to be more user friendly so your average joe can run a site or server without worrying about hackers or security would be a dream-solution, but unfortunately the sad reality is that there is no such thing as 100% security, even if you were to build the system from the ground up to be user friendly.

The result would then be even more people running servers that don't understand basic security, and even more malware and drone servers on the net.

You may build a fortress from the ground up, security flaws will exist, and perhaps it is a good thing, in a way, that some knowledge is required to set up basic things, since people with that knowledge 'tend' to be more security aware.

Windows was designed to be user friendly out of the box, and look how many virus infected drone computers are out there. Vista was redesigned with security in mind and to address many issues, and it only took a few days for exploits to be released in the wild. It may not be the perfect example again, but I think the point is that it may not always be a good idea to promote a culture where knowledge/experience isn't needed to run things.

cranioscopical:
Anyway,.. who cares about the hat?
-Gothi[c] (May 20, 2008, 03:13 AM)
--- End quote ---

Well, I don't think you should beret the idea!

momonan:
cranioscopical, how DO you do it? 8)

f0dder:
There's a couple of WTFs here... one is that so many of the internet protocols we use have gaping security holes - something as critical for the whole internet infrastructure as the root DNS servers ought to have some form of cryptographic verification applied. I do realize it's basically impossible to change something as established as the DNS protocol, though, and that crypto verification would be very costly on something as high-volume as root DNS servers.

Another WTF is that the IP address was changed in the first place. Now, the server might have needed to be moved to a different facility or what do I know, but when you're dealing with servers that have (and need) their IPs hardcoded in various places, you simply don't change that IP, period. And if it has to be done, for some extremely critical reason, you especially do not give up the old IP for grabs.

As for SSL, it protects you against casual snooping and tampering, but afaik as soon as there's a man-in-middle (exploited router, carnivore box at your ISP, ...) you're game over anyway.
