[AccessD] Website 08/06

Jim Lawrence accessd at shaw.ca
Sun Aug 12 01:15:51 CDT 2018


Quote:

"https indicates that the website is protected by Secure Socket Layer/Transport Layer Security. Data sent between you and the website is encrypted so the information is private, and that the website is identified to be who it claims to be. Just like how you verify your identity (by means of username and password, and other information they may ask for such as in two-factor authentication), the website needs to as well. The website proves it is operated by its true owners by showing a security certificate to your Internet browser, which then indicates to you that the site is legitimate with the lock symbol."

The main reason for certification is that it can encrypt communications between the client and host...so no side-channel hacking. There is no ability to hijack internet traffic between the client and host and inject malware remotely. In theory the communications can also guarantee that the client has actually reached the site they intended to...and they have not been re-directed to a false site. One common practice is to hack an original site and place code that re-directs the client to a dummy site...this type of transaction will not work on a https certified site without the user being blocked or warned.

Jim 

----- Original Message -----
From: "stuart" <stuart at lexacorp.com.pg>
To: "Access Developers discussion and problem solving" <accessd at databaseadvisors.com>
Sent: Saturday, August 11, 2018 8:06:44 PM
Subject: Re: [AccessD] Website 08/06

A certified site can be hacked just as easily as an uncertified one. Hackers don't usually use 
http / https to place malicious code on a website.

FTP v SFTP is an entirely different issue.

On 11 Aug 2018 at 20:55, Jim Lawrence wrote:

> The concern is not for your site and its contents specifically but
> that your uncertified site can be easily hacked and side-scripted for
> other uses by any script kiddie. It is the same reason we use SFTP
> instead of FTP.
> 
> Aside: I heard of one business who had their site hacked, re-directed
> and it was being used to store and distribute child-porn. They did not
> even find out until their ISP black-listed their site. With these
> techniques one Russian hacker could basically collapse the entire US
> democratic system, at least that is what I have been told. ;-)  
> 
> Aside: Did you get a chance to read any of the articles I posted on
> "DNS fronting" via dba-tech? It's a good read.
> 
> Jim 
> 
> ----- Original Message -----
> From: "stuart" <stuart at lexacorp.com.pg>
> To: "Access Developers discussion and problem solving" <accessd at databaseadvisors.com>
> Sent: Friday, August 10, 2018 10:17:16 PM
> Subject: Re: [AccessD] Website 08/06
> 
> Yep, I've read *lots* of similar pages. 
> 
> This is always the sort of justification they use:
> 
> "This makes it easier to know whether your personal information is
> safe as it travels across the web, whether you're checking your bank
> account or buying concert tickets."
> 
> When someone with a basic information site, who is not collecting
> personal data, is told that it is going to cost them several times
> more each year to pay for a dedicated IP address and SSL certificate,
> what do you tell them?
> 
> 
> 
> 
> 
> On 11 Aug 2018 at 1:00, Bill Benson wrote:
> 
> > More info here
> > <https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/> .
> > 
> > On Sat, Aug 11, 2018 at 12:57 AM, Bill Benson
> > <bensonforums at gmail.com> wrote:
> > 
> > > Because Google says that they are unsafe, and Snopes agrees with
> > > them. Https is not a guarantee of safety either, but it is more
> > > safe than not.
> > >
> > > I never type in http://www... addresses. I will always add the
> > > "s". If the site fails to load on that basis, I can live without
> > > that site, I am pretty sure.
> > >
> > > https://www.snopes.com/fact-check/http-vs-https/
> > >
> > >
> > > On Sat, Aug 11, 2018 at 12:37 AM, Stuart McLachlan
> > > <stuart at lexacorp.com.pg> wrote:
> > >
> > >> Another one that's drunk the Koolaid?
> > >>
> > >> Why not?
> > >>
> > >> On 10 Aug 2018 at 9:09, Bill Benson wrote:
> > >>
> > >> > I won't even go near a site that begins with http. As opposed
> > >> > to https.
> > >> >
> > >> > On Wed, Aug 8, 2018, 10:40 AM Rocky Smolin
> > >> > <rockysmolin at bchacc.com> wrote:
> > >> >
> > >> > > Dear List:
> > >> > >
> > >> > > A friend of mine is working with a company to design a new
> > >> > > website for his company. Here's a link showing its
> > >> > > development to date.
> > >> > >
> > >> > > http://000m6c1.myregisteredwp.com/
> > >> > >
> > >> > > The copy isn't finalized yet.  He's just working on the
> > >> > > layout, appearance and navigation.
> > >> > >
> > >> > > Any feedback is welcome.
> > >> > >
> > >> > > MTIA
> > >> > >
> > >> > >
> > >> > > Rocky Smolin
> > >> > > Beach Access Software
> > >> > > 760-683-5777
> > >> > > www.bchacc.com
> > >> > > www.e-z-mrp.com
> > >> > > Skype: rocky.smolin
> > >> > >
> > >> > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > AccessD mailing list
> > >> > > AccessD at databaseadvisors.com
> > >> > > http://databaseadvisors.com/mailman/listinfo/accessd
> > >> > > Website: http://www.databaseadvisors.com
> > >> > >
> > >> >
> > >>
> > >>
> > >>
> > >
> > >
> > 
> 
> 


