[aklug] Re: Tor + Firefox

From: Christopher Howard <christopher.howard@frigidcode.com>
Date: Tue Feb 14 2012 - 01:21:31 AKST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/14/2012 12:35 AM, R Denison wrote:

>
> Truth be told I don't run tor much these days, mostly due to
> inconvenience. And if I understand correctly there's the potential
> that, unless you're getting SSL connection to your destination
> server, it's subject to MITM modification at the exit node(s).
>

I use enforced HTTPS, so Firefox literally won't visit any URLs with
simple HTTP protocol. The trade-off to this self-imposed security
requirement is that I have lost access to about half the Internet. At
least a quarter of that, I'd guess, are sites that make a secure port
available but have not configured it correctly. I've seen expired
certificates, self-signed certificates, non-matching certificates, and
even hosts trying to offer unsecured HTTP out of the HTTPS port.
Between that, and all the sites using partial encryption, it's a
pretty nasty mess out there.

To my very much good fortune, though, Wikipedia is fully encrypted
with a top-grade cipher and a valid cert. :)

BTW, even during normal browsing an unsecured HTTP connection is
subject to a MITM modification or even complete takeover. At every
point along the route from source to destination. Any attacker at any
node could insert malicious code or misrepresent the connection,
without raising flags on your end, if he knew what he was doing. Whew!
It's a good thing we don't live in one of those countries where shady
government officials have surveillance access to any of our ISP lines
through special monitoring stations mandated by law. Err, oops... I
guess we do...

- --
frigidcode.com
theologia.indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----
Received on Tue Feb 14 01:20:54 2012

This archive was generated by hypermail 2.1.8 : Tue Feb 14 2012 - 01:20:54 AKST
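
The failure modes listed in the message above (expired, self-signed and non-matching certificates, and plain HTTP served on the HTTPS port) can be told apart programmatically. The following is an added example, not part of the original message; the function names and category labels are assumptions of this example.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* verification codes -> labels (labels are this example's own).
VERIFY_CODES = {
    10: "expired",            # X509_V_ERR_CERT_HAS_EXPIRED
    18: "self-signed",        # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed",        # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "untrusted-issuer",   # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    62: "hostname-mismatch",  # X509_V_ERR_HOSTNAME_MISMATCH
}

def classify_verify_code(code):
    """Map an OpenSSL verify code to one of the categories above."""
    return VERIFY_CODES.get(code, "other-cert-error")

def speaks_plain_http(host, port, timeout=5.0):
    """True if the port answers a cleartext request with an HTTP status line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return s.makefile("rb").read(5) == b"HTTP/"
    except OSError:
        return False

def probe(host, port=443, timeout=5.0):
    """Attempt a fully verified TLS handshake and name the reason it fails."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return classify_verify_code(exc.verify_code)
    except OSError:  # includes ssl.SSLError raised for non-TLS replies
        pass
    # The handshake failed for a non-certificate reason: check for cleartext HTTP.
    if speaks_plain_http(host, port, timeout):
        return "plaintext-http"
    return "unreachable-or-handshake-failed"

if __name__ == "__main__":
    for name in sys.argv[1:]:  # hosts to check are given on the command line
        print(name, probe(name))
```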