[Freedombox-discuss] Onion Pi

Sandy Harris sandyinchina at gmail.com
Tue Sep 17 23:53:40 UTC 2013


On Tue, Sep 17, 2013 at 3:57 PM, Nick Daly <nick.m.daly at gmail.com> wrote:

> If your destinations are using SSL (like they should) MITM is less of
> an issue.  The lovely HttpsEverywhere Firefox/Iceweasel extension
> makes this as simple as possible (and should definitely be installed
> on any client device).

Both SSL/TLS itself and HTTPS Everywhere
https://www.eff.org/https-everywhere
are definitely worth using, but neither necessarily gives much
resistance to MITM (man-in-the-middle) attacks.
http://en.citizendium.org/wiki/Man-in-the-middle_attack

MITM involves the attacker posing as someone else. The
defense is cryptographic authentication that lets you be
certain you are talking to the real server, not an impostor.
SSL/TLS uses X.509 certificates for authentication, and
that is not a reliable mechanism.

My Firefox default installation trusts more than 100
certificate authorities. Some of those are controlled
directly by governments seriously opposed to FBox
goals -- China, Syria, ... Others might be leaned on
by various governments, in particular some of the
largest are US companies. Some have admitted
selling bogus certs which let a company monitor its
employees' web use to protect "intellectual property"
and corporate security. If that, why not sell to a
national security organisation? Some have been
broken into.
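
Added example (not part of the original message): a short Python audit of which certificate authorities a TLS client trusts, grouped by operator and country, since any one of them can vouch for any host name. It reads the trust store used by Python's `ssl` module, which is an assumption and is not Firefox's own store; the `SAMPLE` entries and the `name` helper are constructed for illustration.

```python
import ssl
from collections import Counter

def rdn_value(name, key):
    """First value of `key` in an ssl-module name (a tuple of RDN tuples)."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def summarize_trust_store(ca_certs):
    """Count trust anchors per (country, organization) of the CA subject."""
    counts = Counter()
    for cert in ca_certs:
        subject = cert.get("subject", ())
        country = rdn_value(subject, "countryName") or "??"
        org = (rdn_value(subject, "organizationName")
               or rdn_value(subject, "commonName") or "(unnamed)")
        counts[(country, org)] += 1
    return counts

def name(country, org, cn):
    """Build a name in the format ssl.SSLContext.get_ca_certs() returns."""
    parts = [("countryName", country), ("organizationName", org), ("commonName", cn)]
    return tuple(((k, v),) for k, v in parts if v)

# Constructed sample entries (hypothetical CAs), used when no system store loads.
SAMPLE = [
    {"subject": name("US", "Example Trust Co", "Example Root 1")},
    {"subject": name("US", "Example Trust Co", "Example Root 2")},
    {"subject": name("XX", "Example State CA", "State Root")},
    {"subject": name(None, None, "Orphan Root")},
]

def system_trust_store():
    """Trust anchors Python's default TLS context would accept."""
    ctx = ssl.create_default_context()
    # Note: anchors in a hashed CA directory (capath) are loaded lazily and
    # are not listed here; anchors from a bundle file are.
    return ctx.get_ca_certs()

if __name__ == "__main__":
    certs = system_trust_store() or SAMPLE
    summary = summarize_trust_store(certs)
    print(f"{len(certs)} trust anchors, {len(summary)} distinct operators")
    for (country, org), n in summary.most_common():
        print(f"{n:3d}  {country}  {org}")
```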


