Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Chris Salter
ukcrypto at originalthinktank.org.uk
Tue Aug 3 20:47:37 BST 2010
Hello Peter and UKCrypto,
Tuesday, August 3, 2010, 4:34:36 PM, you wrote:
> James Firth wrote:
>>> In article <F83296DFE4A84016BC63F8053B95AAE5 at your41b8d18ede>, Tom
>>> Thomson <colinthomson1 at o2.co.uk> writes
>>>
>>>
>>>>> https://cybersecuritychallenge.org.uk/
>>>>>
>>>> Firefox doesn't have any problems with that site's certificate when I
>>>>
>>> try it.
>>>
>>> OK here as well (v3.6.7 for PC).
>>>
>>
>> OK here too. Can you post the fingerprint you're getting from the
>> certificate? There's 2 options: MitM (unlikely) or certificate missing from
>> your client (likely)
>>
>> James Firth
> Thanks all for the help.
> When I had the problems with several sites (which wasn't with v3.6.7 but
> with a slightly earlier version of FF), I created an exception for each
> of them - that put each cert in my list of certs accepted as exceptions,
> and indeed cybersec went in there.
> So now I have deleted the cybersec cert from the exceptions list and
> tried again - and now FF doesn't complain. So it looks like something in
> FF got altered/updated in the transition from v3.6.x (whatever it was
> that I had) to v3.6.7. As I think I noted earlier, I haven't had the
> shower of complaints from FF about certs since I upgraded.
Just to muddy the water I accessed the site in question with Opera
10.60. It also passed the connection as secure but the security status
window added the following qualifier: "The server does not support
secure TLS renegotiation. The site owner should upgrade the server."
My 'ill-informed' interpretation is that Opera is stating that the
site is vulnerable to the 'TLS Renegotiation Attack'?
http://www.entrust.net/advisories/tls-mitm.htm
http://isc.sans.edu/diary.html?storyid=7534
I employ a basic phalanx of browsers (MSIE, Opera, Firefox, Chrome and
Safari) with Chrome being my current default (it's the fastest of the
bunch at the moment). However, I tend to revert to Opera where
security issues are paramount.
Regards to All,
Chris
--
Chris Salter mailto:ukcrypto at originalthinktank.org.uk
Cornwall United Kingdom http://www.originalthinktank.org.uk/
More information about the ukcrypto
mailing list