SSL NO LONGER SECURE

Re: SSL NO LONGER SECURE

Post by Fred on Tue May 26, 2009 10:37 am

jfreak,

My understanding is this problem has been fixed in Debian, or at least a temporary workaround since the root of the problem seems to lie with the web page implementation of SSL.

The best protection against this problem for Mint is probably using "noscript" in Firefox and a DHCP connection to the Internet where possible until the fix filters down to Ubuntu.

Fred
Insanity: Doing the same thing over and over and each time expecting a different result.

Democracy is 2 wolves and a lamb voting on the menu. Liberty is an armed lamb protesting the electoral outcome. A Republic negates the need for an armed protest.
Fred
Level 10
Posts: 3356
Joined: Fri Jan 04, 2008 11:59 am
Location: NC USA

Re: SSL NO LONGER SECURE

Post by Fred on Tue May 26, 2009 11:27 am

jfreak,

When I referred to a Debian fix/workaround I was referring to Iceweasel, not the operating system.

In order for a man-in-the-middle to work there has to be someone there waiting. Hence the DHCP recommendation. Static IPs attract bugs like sugar-water. :-)

Noscript prevents running code in the browser, as the old attack you referred to required. I don't know about the new and improved version you talked about. I haven't seen it.

I am not saying you will be safe if you do these things, just that your odds are improved somewhat.

If you really feel paranoid, I would suggest you set up another user, (untrusted) with no privileges and run your browser, whatever it is, from that user account. Set your permissions so that the untrusted user doesn't have read/write access to your other user's data, but the other user has access to the untrusted user's data. Set the desktop folder of the untrusted user to root ownership and read only. Set the auto start folder to root ownership and read only. Regardless of what comes in on the browser it can't go anywhere, do anything, or destroy any data.

Fred
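
A read-only audit of the two-account layout described in the post above, added here as an example and not part of the original thread. The directory paths, the `Desktop` and `.config/autostart` folder names, and the use of group permissions to give the main user access are assumptions.

```shell
#!/bin/sh
# Added example: audit the two-account layout from the post above.
# Assumptions (not from the post): the directory paths passed in, the
# Desktop and .config/autostart folder names, and that the main user
# reaches the untrusted home through group permissions.
# Uses `stat -c` as provided by GNU coreutils and BusyBox.

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits, e.g. 750
owner_of() { stat -c '%u' "$1"; }   # numeric owner uid

# audit_layout MAIN_HOME UNTRUSTED_HOME [LOCK_UID]
# Prints one line per finding; exit status is the number of findings.
# The body is a subshell, so its variables do not leak to the caller.
audit_layout() (
    main_home=$1; untrusted_home=$2; lock_uid=${3:-0}; findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # 1. Untrusted account gets no access to the main user's data:
    #    no "other" permission bits on the main home.
    m=$(mode_of "$main_home")
    [ $(( 0$m & 007 )) -eq 0 ] || fail "$main_home mode $m is open to other users"

    # 2. Main user can look into the untrusted home: group needs r-x.
    m=$(mode_of "$untrusted_home")
    [ $(( 0$m & 050 )) -eq $(( 050 )) ] || fail "$untrusted_home mode $m blocks group read"

    # 3. Desktop and autostart: owned by root (uid 0 by default), with no
    #    write bit for group or other, so the untrusted account cannot add files.
    for d in "$untrusted_home/Desktop" "$untrusted_home/.config/autostart"; do
        if [ ! -d "$d" ]; then fail "$d is missing"; continue; fi
        [ "$(owner_of "$d")" = "$lock_uid" ] || fail "$d is not owned by uid $lock_uid"
        m=$(mode_of "$d")
        [ $(( 0$m & 022 )) -eq 0 ] || fail "$d mode $m is group/other writable"
    done
    exit "$findings"
)
```

Call it as `audit_layout /home/main /home/untrusted` (hypothetical paths); it changes nothing on disk and only reports where the layout differs from the one described.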

Re: SSL NO LONGER SECURE

Post by Fred on Tue May 26, 2009 11:34 am

jfreak,

Ahhh... one more challenge. :-)

Thanks for the heads-up.

Isn't life grand!

Fred

Re: SSL NO LONGER SECURE

Post by Fred on Tue May 26, 2009 12:12 pm

jfreak wrote:
Now to find something to eat...

Very good idea indeed. :-)

Later,

Fred

Re: SSL NO LONGER SECURE

Post by deadguy on Tue May 26, 2009 12:13 pm

jfreak,

thanks for the heads up on this!!
I don't do any online banking
and from what I've read here,
I'm not going to start :D

Fred,

your advice, as always, is good!
I use noscript religiously!

Cheers,

Deadguy
deadguy
Level 5
Posts: 710
Joined: Wed Aug 15, 2007 9:41 pm
Location: Illinois USA