crumpets
Posts: 1614
Joined: 11/5/2014 From: South Bay (SF & Silicon Valley) Status: offline
quote:
ORIGINAL: furneaux
I shall delete it soon as this is clearly a waste of my time.

Please don't go away (at least not yet). :) I have some questions to ask of you so that I may better learn from what you have to offer.

quote:
ORIGINAL: furneaux
You are *not* safe just because you don't use wifi. Your AV won't protect you.

I know you (the OP) know this ... but I'll repeat for the benefit of the others (at least those who are still capable of learning)... I didn't see anyone say that they think their AV will protect them, but if they did say that, then they're dead wrong. As for the Ethernet connection, it only skips the wifi part from your computer to your router. Even on the Ethernet, the password is unencrypted but it's ALSO passed down the pipe to the ISP and to the trunk and through a series of Internet hosts to the Collarspace servers (and back). So, that's dozens of places where anyone who wants to, has your Collarspace login and password credentials, even with WiFi eliminated.

quote:
ORIGINAL: furneaux
you are using your laptop and connecting through a WiFi access point; other machines connected to the same access point see all your traffic. Note that "taking steps" to prevent such local attackers can be quite difficult (for instance, forget it if WiFi is involved).

The only part I disagree with is the "taking steps can be difficult" part. Do you (the OP) think that VPN and/or Tor is "difficult"? (I find both trivially easy to implement.) Or, do you think that VPN or Tor are not effective? NOTE: I realize both Tor and VPN have the problem of the end point being in cleartext; this can only be avoided by Collarspace implementing https; but isn't using TOR or VPN a LOT better than not using them?

quote:
ORIGINAL: furneaux
Close to the server. Typically, servers are mass-hosted in some shared facilities, and indelicate server owners may spy on their neighbours.

By this, do you mean the ISP and the (potentially dozens, although usually fewer) hosts that are on the route from you to collarspace and back? I agree all hosts from the ISP to Collarspace and back are dangers; but I'm just asking you to clarify, for me, if that's what you meant.

quote:
ORIGINAL: furneaux
Whether this is possible or even easy depends a lot on the competence of the network administrators at the hosting site.

I agree. EVERYTHING depends on whether you trust the administrators. That's why you want to have to trust as few administrators as possible. With end-to-end encryption, you eliminate most of the administrators in the path of your packets.

quote:
ORIGINAL: furneaux
However, the DNS, as a whole, is poorly protected, and can be altered by malicious individuals.

As a related aside, openvpn, when run from the command line, is incapable of setting the dns servers properly, so, if you run a dns leak test (e.g., http://ipleak.net) while using openvpn, you'll notice DNS leaks. Luckily, you can fix them manually or automatically with scripts (as I have done, long ago). If folks want the information, I can run a tcpdump to create a pcap file where I can use wireshark to visually show them the DNS port 53 queries that you're trying to tell them about.
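The port 53 check mentioned at the end of the post above can also be done on tcpdump's text output. The following is an added example, not part of the post or of any tool named in it; the sample capture lines, the resolver address 10.8.0.1 and the function name `find_leaks` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -nn port 53` text output (not a real capture).
# Assumption: the VPN pushes 10.8.0.1 as its resolver; 192.168.1.1 is the LAN router.
SAMPLE = """\
14:02:11.104233 IP 10.8.0.6.40112 > 10.8.0.1.53: 4211+ A? example.org. (29)
14:02:11.131870 IP 10.8.0.1.53 > 10.8.0.6.40112: 4211 1/0/0 A 203.0.113.7 (45)
14:02:15.550912 IP 192.168.1.23.51877 > 192.168.1.1.53: 9034+ A? mail.example.net. (34)
14:02:15.551020 IP 192.168.1.23.51877 > 192.168.1.1.53: 1177+ [1au] AAAA? mail.example.net. (45)
14:02:19.000417 IP6 fe80::1c2a.53311 > fe80::1.53: 602+ A? example.org. (29)
this line is not tcpdump output and must be skipped
"""

# Matches outgoing queries only: "<ts> IP src.port > dst.53: id[flags] QTYPE? name."
# The optional group tolerates the interface/direction columns newer tcpdump
# versions print with `-i any` (assumption about the capture options used).
QUERY = re.compile(
    r"^(?P<ts>\S+)\s+(?:\S+\s+\S+\s+)?IP6? (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)


def find_leaks(capture_text, tunnel_resolvers):
    """Return (time, resolver, qtype, name) for every DNS query that was
    sent to a resolver other than the ones reachable through the tunnel."""
    allowed = {ipaddress.ip_address(r) for r in tunnel_resolvers}
    leaks = []
    for line in capture_text.splitlines():
        m = QUERY.match(line)
        if not m:
            continue  # responses, non-DNS traffic, unparseable lines
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # destination was not a numeric address (capture lacked -nn)
        if dst not in allowed:
            leaks.append((m["ts"], str(dst), m["qtype"], m["name"].rstrip(".")))
    return leaks


if __name__ == "__main__":
    for ts, resolver, qtype, name in find_leaks(SAMPLE, ["10.8.0.1"]):
        print(f"{ts} leak: {qtype} {name} -> {resolver}")
```

Any line it reports is a lookup that left the machine outside the tunnel, readable by the local network and the ISP even though the rest of the traffic is inside the VPN.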