These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Note to CCP : Why HTTPS and SSL are not as secure as you think

Author
Previous Topic Next Topic
Sturmwolke
#1 - 2014-03-13 11:50:51 UTC
I'll just drop this here. It's an interesting article.
Hope your security/web guys are already aware of this.

http://www.sott.net/article/275524-Why-HTTPS-and-SSL-are-not-as-secure-as-you-think

one excerpt :

"... Because just like you, I had no knowledge of the gaping holes in SSL. Awareness of this and many other issues - technological, political, psychological, social, etc. - is absolutely essential. "
Rakshasa Taisab
Sane Industries Inc.
#2 - 2014-03-13 12:11:02 UTC
So you found an article and suddenly think those of us that do this professionally haven't been paying attention?

Next you'll be telling those CERN guys how they should align their beams...

Nyan
Tippia
Sunshine and Lollipops
#3 - 2014-03-13 12:19:23 UTC
So what I read there was that someone with a couple of certificates “had no knowledge” of old news… and uses such professional terms as “M$”. The again, considering the state of the rest of the site, that's probably par for the course.
RaTTuS
BIG
#4 - 2014-03-13 12:24:34 UTC
should really be OOPE

http://eveboard.com/ub/419190933-134.png http://i.imgur.com/kYLoKrM.png

Sturmwolke
#5 - 2014-03-13 12:49:54 UTC
Rakshasa Taisab wrote:
So you found an article and suddenly think those of us that do this professionally haven't been paying attention?

Wait, is that an admission of CCP's professionality? ... after all these years? ... really? Roll
hydraSlav
Synergy Evolved
#6 - 2014-03-13 13:39:07 UTC
Hey look! An expert on the internet!
Charlie Firpol
Brutor Tribe
Minmatar Republic
#7 - 2014-03-13 14:54:05 UTC
Rakshasa Taisab wrote:
So you found an article and suddenly think those of us that do this professionally haven't been paying attention?

Next you'll be telling those CERN guys how they should align their beams...


I told them so often they should stop or we will all get devoured by a black hole, but they just dont listen!

So all I can do now is wait for it to happen and then say " Told you :P "

The Butcher of Black Rise - eve-radio.com
Chribba
Otherworld Enterprises
Otherworld Empire
#8 - 2014-03-13 14:55:33 UTC
Turn off the interwebs!

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#9 - 2014-03-13 15:12:35 UTC
Well, that article told me nothing I didn't already know.

And I'm just a general purpose systems Administrator, at an SME.

The thing is, SSL is still secure. It's the PKI infrastructure that goes along with it that's open to attacks, which is nothing new.

There was never a need to compromise SHA-1. All you needed to do was compromise a CA's root certificate, or one of their signing certificates, which is a lot easier to do, as it's just people in the way. And people can be compromised relatively easily. Might not even take money. Just an appeal to patriotism.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter