Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Chris Salter ukcrypto at originalthinktank.org.uk
Tue Aug 3 20:47:37 BST 2010 

Hello Peter and UKCrypto,

Tuesday, August 3, 2010, 4:34:36 PM, you wrote:

> James Firth wrote:
>>> In article <F83296DFE4A84016BC63F8053B95AAE5 at your41b8d18ede>, Tom
>>> Thomson <colinthomson1 at o2.co.uk> writes
>>>
>>>     
>>>>> https://cybersecuritychallenge.org.uk/
>>>>>         
>>>> Firefox doesn't have any problems with that site's certificate when I
>>>>       
>>> try it.
>>>
>>> OK here as well (v3.6.7 for PC).
>>>     
>>
>> OK here too.  Can you post the fingerprint you're getting from the
>> certificate?  There's 2 options: MitM (unlikely) or certificate missing from
>> your client (likely)
>>
>> James Firth
> Thanks all for the help.

> When I had the problems with several sites (which wasn't with v3.6.7 but
> with a slightly earlier version of FF), I created an exception for each
> of them - that put each cert in my list of certs accepted as exceptions,
> and indeed cybersec went in there.

> So now I have deleted the cybersec cert from the exceptions list and 
> tried again - and now FF doesn't complain. So it looks like something in
> FF got altered/updated in the transition from v3.6.x (whatever it was 
> that I had) to v3.6.7. As I think I noted earlier, I haven't had the 
> shower of complaints from FF about certs since I upgraded.

Just to muddy the water I accessed the site in question with Opera
10.60. It also passed the connection as secure but the security status
window added the following qualifier: "The server does not support
secure TLS renegotiation. The site owner should upgrade the server."

My 'ill-informed' interpretation is that Opera is stating that the
site is vulnerable to the 'TLS Renegotiation Attack'?

http://www.entrust.net/advisories/tls-mitm.htm

http://isc.sans.edu/diary.html?storyid=7534

I employ a basic phalanx of browsers (MSIE, Opera, Firefox, Chrome and
Safari) with Chrome being my current default (it's the fastest of the
bunch at the moment). However, I tend to revert to Opera where
security issues are paramount.

Regards to All,

Chris

-- 
 Chris Salter                      mailto:ukcrypto at originalthinktank.org.uk
 Cornwall United Kingdom        http://www.originalthinktank.org.uk/

More information about the ukcrypto mailing list