tmsr - Search: ssl

600+ entries in 0.615s

jpxe: ben_vulpes: There a reason the first site doesn't use SSL?

a111: Logged on 2018-01-04 07:00 mircea_popescu: o look, ssl_error_no_cypher_overlap on that geopolitica."ru" item. don't tell me it's 100% more of the same old http://btcbase.org/log/2017-03-08#1623380 / http://trilema.com/2017/datamarylandgov/#footnote_0_76632 !

mircea_popescu: o look, ssl_error_no_cypher_overlap on that geopolitica."ru" item. don't tell me it's 100% more of the same old http://btcbase.org/log/2017-03-08#1623380 / http://trilema.com/2017/datamarylandgov/#footnote_0_76632 ! ☝︎☟︎☟︎

a111: Logged on 2017-12-12 16:11 asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'

asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!' ☟︎

mircea_popescu: about:config, search for browser.ssl_override_behavior and set it to 1, which entirely disables the pretense of "security" in https.

mircea_popescu: in other news : if you run a piece of shit firefox on a dirty box somewhere, and if you never upgraded it as you don't intend to upgrade it ; and if the ever-creeping idiocy of the world puts you in this situaiton where various ssl-"protected" sites are no longer loading :

mircea_popescu: https://images-na.ssl-images-amazon.com/images/I/91jJWHkkA1L._SL1500_.jpg <this thing

asciilifeform: 'whaddayeamean you don't want ssl in the loop, and put it all through nsa cables, terrorist.'

asciilifeform: 'When a Payment Protocol wallet interacts with a Payment Protocol URL, it creates an SSL-secured connection to the true owner of the receiving bitcoin address (in this case, BitPay).' etc

asciilifeform: meanwhile, in heathendom ! https://curl.haxx.se/docs/adv_2017-af0a.html >> 'libcurl contains an out boundary access flaw in SSL related code. When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at the end of the struct to be used for SSL related structs ... The math used to calculate the extra memory amount necessary for the SSL library was wrong on 32 bit systems,

mircea_popescu: http://s3-wp-lyleprintingandp.netdna-ssl.com/wp-content/uploads/2017/01/27160428/holstein-record-Ever-Green-View-My-Gold-ET.jpg << holstein cow.

asciilifeform: 'zonder ssl-certif..' << /me thinks 'zonderkommando'

shinohai: Site set up about Equifax breach is using a free shared CloudFlare SSL cert. https://pbs.twimg.com/media/DJKYVNJVwAAsdcM.jpg

asciilifeform: ( after this -- Framedragger take2; then ssl ... )

asciilifeform: valentinbuza: behold, for instance, http://shop.nosuchlabs.com << a www store that does not and never will use tls/ssl

asciilifeform: 'water comes from tap' 'food, from store' 'mains current, from socket' 'crypto, from ssl' etc

asciilifeform: lol, nao with ssl!

mircea_popescu: i should hope ssl everywhere.

shinohai: kiwi is fickle about ssl connections iirc

shinohai: "Connection is already encrypted by Tor, so do NOT enable additional SSL for the connection. " <<< lmao

asciilifeform: ( unlike, e.g., gpg, ssl, the rest of the shit soup )

mircea_popescu: SSL EVERYWHERE!!!1

asciilifeform: 'The use of Git and SSL/TLS sets a very high barrier for in-flight tampering. This is not the point of discussion.' lel

Framedragger: i don't recall but i believe you can define ~all the params for DH key exchange in ssl, i think

Framedragger: i've seen ~sane uses of ssl, with self-signed pinned cert (verified via side channel). it happens.

asciilifeform: i have nfi why folx volunteer to use ssl.

asciilifeform: in protest against the nonsense where people ( who insisted on using ssl, but originally this was made mandatory for users of visa ) had to pay rentseeking hucksters thousands for 'this cert will work and browsers won't complain'

asciilifeform: iirc it was (is?) this thing that gives away ssl certs for phree

mod6: <+mircea_popescu> ssl certs for v, basically ? << eep.

mircea_popescu: ssl certs for v, basically ?

phf`: i feel like i have to do it roughly once a year, in fact, every time freenode changes their ssl. i listened to the advice of the wise this time and switched to plain text

Framedragger: shinohai: jhvh1 is also on hashbang, right? how does hashbang force ssl for *that* one, i wonder? by whitelisting irc ssl port only?

shinohai: Hashbang irc blows because forced ssl

asciilifeform: mircea_popescu: i wonder how the ssl idiots handle this ( they have, or at least at one time had, hardware accelerators for their nonsense . did they also have to pay for entire machine colo, to plug in the 1 board ?? )

mircea_popescu: i lulzed. really ? how about DO NOT USE "SSL".

mircea_popescu: "How do I use SSL encryption properly?" "SSL (resp. TLS, as SSL v2/v3 is already broken but name SSL is commonly used for TLS protocol) implementation or protocol itself isn't affected"

asciilifeform: also, to answer earlier q: there are already very effective pills against ssl: timing attack, nonce reuse for dsa (you can find existing code)

a111: Logged on 2017-04-09 13:48 BenBE: I'm the maintainer of the GeSHi syntax highlighter for PHP, which is used in e.g. Wikipedia for source highlighting of articles. Also working on several crypto-related projects like my own TLS/SSL test, a collection of publicly-known set of compromised keys, an OpenSource management software for handling X.509 certificate issuance for a certificate authority.

BenBE: I'm the maintainer of the GeSHi syntax highlighter for PHP, which is used in e.g. Wikipedia for source highlighting of articles. Also working on several crypto-related projects like my own TLS/SSL test, a collection of publicly-known set of compromised keys, an OpenSource management software for handling X.509 certificate issuance for a certificate authority. ☟︎

a111: Logged on 2017-03-23 20:48 asciilifeform: in other lulz, didjaknow, https://github.com/bitcoin/bitcoin/blob/master/src/qt/paymentserver.cpp#L111 << prb imports ssl certs ! the whole shit soup

asciilifeform: in other lulz, didjaknow, https://github.com/bitcoin/bitcoin/blob/master/src/qt/paymentserver.cpp#L111 << prb imports ssl certs ! the whole shit soup ☟︎

asciilifeform: we will be busting ssl keys, for instance, at some point

asciilifeform: sl/include/polarssl/ssl.h is extended to include the session _checksum, tool_id, use_custom, and xor_key. The data contained within this packet is constant with the exception of a time stamp taken from the real-time clock and a few bytes of random data. A CRC checksum is computed from the entire packet and is included with the HELLO packet. When Blot receives this packet, it checks the CRC searches a list of previously seen packets f

asciilifeform: 'Hive beacons were designed to work with the Blot proxy (developed by Xetron). Blot looks for a tool ID embedded in the HELLO packet of an SSL session initiation. If the ID is found, then it forwards the packet to the tool-handler, otherwise it is sent to the cover server. The tool ID is embedded in the HELLO packet using the embedData function defined in …/polarssl/library/loki_utils.c. The SSL data structure defined in …/polars

ben_vulpes: asciilifeform: can ssl or gpg be beaten into eating a specific file of entropy without patching them?

asciilifeform: and of course closed-source-remotely-updated-turd-on-closed-remotely-updated-os-sitting-on-usg.ssl-pki is not 'backdoor', didjaknow also.

mircea_popescu: phf it's entirely unclear what ssl is supposed to provide. it might have been of marginal utility prior to their nsa merger, but these days it's utter waste of time. treat all freenode connections as plaintext.

phf: seems like freenode upgraded all their servers to letsencrypt, meaning that you can't just verify ssl's fingerprint once a year. instead each server has own ssl, updated once in 90 days.

asciilifeform: i'ma guess that the ssl certs on the debianized boxes will also phuctorize

a111: Logged on 2017-01-08 15:11 mircea_popescu: and i must be able to figure out the state by looking at the url, which is why POST is not better than GET but much, MUCH worse, and why it was pushed as part of "ssl", typical usg-tardism

mircea_popescu: and i must be able to figure out the state by looking at the url, which is why POST is not better than GET but much, MUCH worse, and why it was pushed as part of "ssl", typical usg-tardism ☟︎

asciilifeform: there was some supposed workaround involving self-generated ssl certs but it dun wurk

asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other

asciilifeform: (it displays unremarkable ssh hello, the litmus for it uses the ssl cert that the boxes also display on 443)

asciilifeform: phf: yer right re ssl

Framedragger: https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com << ffs i have these jokers in my ca list now. need to go through it and remove shit.

Framedragger: yeah, would be great to have ssl certs etc all in the same place, timestamped, so one could track history, to an extent. (and then be able to offer realtime scans and alerts as a service, say...)

a111: Logged on 2016-12-08 15:38 asciilifeform: mircea_popescu: the things to scan, that very often are found: 80 (http), 443 (ssl), and if either found, the page; if ssl -- the cert id strings (see l0gz for how) , and lastly, ftp (yes, believe or now) and telnet greetings.

asciilifeform: mircea_popescu: the things to scan, that very often are found: 80 (http), 443 (ssl), and if either found, the page; if ssl -- the cert id strings (see l0gz for how) , and lastly, ftp (yes, believe or now) and telnet greetings. ☟︎

asciilifeform: trinque: how much sweat would it take to add procedure, attempt http (80) and https (445) on phucked ip, then post http title, if found, and in case of ssl, cert id string

Framedragger: asciilifeform: looks like some folks may have generated ssl certs this way, too...

mircea_popescu: well nobody forces you to use ssl.

asciilifeform: i will be surprised if before the end of '17 'google chrome' and similar do not yet warn 'THIS NEWS SITE MAY BE FAEK', sorta how it now is beginning to do for ssl abstainers

asciilifeform: i got a thing that curls http://.....phucked and goes , nmap, fetches ssl certs if 445, etc

asciilifeform: well, they -- supposedly -- did phuctor-with-ssl

Framedragger: aha yes, ssl certs should go into the oven, too.

trinque: ben_vulpes: DDOS SSL endpoints, get cleartext passwords, ..., profit?

ben_vulpes: interestingly, could not connect over ssl

asciilifeform: 'opmsg requires the crypto primitives from OpenSSL. Just relax, its not using the SSL/TLS proto, just the ciphering and hash algorithms. '

asciilifeform: same ssl cert, too.

asciilifeform: but, regardless, countdown 3, 2, 1.... to 'roughtime' in prb, ssl, etc.

adlai: you have to use ssl with all exchanges (except for one, guess which)

adlai: cl+ssl is ffi to openssl

adlai: well, it is always throwing ssl packets, so it could also be that (this is the aforementioned plus-sized library)

Framedragger: omg attempting https on trilema.com gives common name = server1.nigger.com, email = ssl@server1.nigger.com -- l0l0l.

asciilifeform: https://images-na.ssl-images-amazon.com/images/I/31knpB4IfKL._SY355_.jpg << this.

asciilifeform: mircea_popescu: now that i think about it, i dun recall prb having ssl eater in it

a111: Logged on 2016-08-15 04:55 asciilifeform: in other oldz, http://iang.org/ssl/pki_considered_harmful.html << 'nobody foresaw!!1111'

asciilifeform: in other oldz, http://iang.org/ssl/pki_considered_harmful.html << 'nobody foresaw!!1111' ☟︎

asciilifeform: though we dun have any ssl certs in phuctor, so it is unlikely to pop any time soon.

trinque: asciilifeform: https://images-na.ssl-images-amazon.com/images/I/61WcU%2BYf74L._SL1000_.jpg << chinese as hell. shitty screen, bad buttons, hates the human hand

asciilifeform: let's encrypt the space inside our nostrils with free ssl certs!111

mircea_popescu: asciilifeform what experiment is necessary ? https://aos.iacpublishinglabs.com/question/aq/700px-394px/long-baby-rabbits-stay-mother_c2bade73e49e674b.jpg vs https://images-na.ssl-images-amazon.com/images/I/71vHuqY2cpL._SX522_.jpg

trinque: these nazis certainly *can* break various forms of "SSL", to pick something at random

shinohai: Also in the run moar SSL department: https://www.computest.nl/blog/startencrypt-considered-harmful-today/

asciilifeform: 'Handling SSH keys or SSL certs for your clients? Get in touch with us for a premium access to our key testing API.'

asciilifeform: moxie m pushes shitphones. and ssl monkey tricks. and 'pgp is obsolete'.

shinohai: https://www.reddit.com/r/Bitcoin/comments/4nbish/coinbase_fails_to_accept_bitcoin_merchant_payments/ <<< more SSL plox

trinque: got an SSL error

asciilifeform: in fact the ssh pile of shit is every bit as malodorous as ssl.

asciilifeform: fromphuctor: ssl/tls (and all pki systems of whatever form) is rubbish.

asciilifeform: incidentally might ask archive.is why they ssl.

mircea_popescu: http://dpaste.com/1GFYZ4G << badly set-up ssl

mircea_popescu: there wouldn't really be anything to throw in the box for ssl keys tho

asciilifeform: or these are ssl keyz

asciilifeform: the nice thing about ssl and ssh pubkeys is that you can harvest them.

mircea_popescu: first things first. the ssl keys thing - both github and search.

ascii_butugychag: sks has the idiot new ssl thing