Morac
join:2001-08-30
Riverside, NJ
 ·Comcast
1 edit | So encrypt your traffic
Isn't the assumption that if your traffic in not encrypted than pretty much anyone can read it?
Granted in this case, that someone can be anywhere in the world instead of locally to you, but still....
So today's lesson is if you don't want people to read your data, encrypt it.
--
The Comcast Disney Avatar has been retired. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
 ·Verizon Online DSL
| said by Morac  : ... you don't want people to read your data, encrypt it. Indeed! Why is https NOT the standard for browsing? Why is encrypted email not the standard?
Powerful tools currently exist to protect our privacy, and are available to EVERYONE, why are they not used? Why are they NOT the default?
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
cornelius785
join:2006-10-26
Worcester, MA
| I'm guessing a couple reasons may be server load, connections load (i think more packets have to sent back and forth to establish a ssl connection), and maybe bandwidth. encryption and decryption is fairly computational intense operation. i suppose for email, you'd need a client that everyone has that is capable of handling encryption and make it SEAMLESS to the end user when operating (think of going to https site) maybe a someone more knowledgeable in computer/network/internet security could comment what i've stated. |
|
deepblackmag
join:2004-12-27
00000 | These days with ssl offload and crypto accel cards, theres no excuse for claiming its not done because of a performance issue. I run it everywhere on my equipment. |
|
keyboard5684
join:2001-08-01
Youngsville, PA | reply to Morac
Well, re-routing traffic is the problem. The traffic needs to go through something like a transparent device somewhere meaning a long route. I like my traffic to go the quickest route. |
|
keyboard5684
join:2001-08-01
Youngsville, PA
 ·Teliax VOIP
 ·WestPAnet Inc.
·WestPAnet Inc. CA..
| reply to deepblackmag
When you made this post, was it encrypted the whole way?
You cannot encrypt everything unless everyone else wants to and agrees with your method. DSLReports would have horrible server load trying to run SSL between them and the readers.
It is an excuse. Just because you can have a crypto card in a cisco router, or whatever, for maybe $500 doing it in a "real" server situation is different. You are the client, not the server.
Costs is the excuse, not the fact the technology does not exists. |
|
Dryvlyne
Far Beyond Driven
Premium
join:2004-08-30
Newark, OH
| reply to Morac
I think your missing an important point...
quote:
The tactic, which one hacker claims is bigger than the recent DNS exploit, lets an attacker monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
This would undoubtedly inspire all sorts of new phishing scams and attempted malware "drive-bys".
The real problem with the Internet, in general, is that it was built upon the presumed trust between 2 or more machines. I just don't understand how the "fathers" of the Internet couldn't have predicted that it would somehow be abused and that proper precautions should have been instituted in the first place! |
|
Morac
join:2001-08-30
Riverside, NJ
·Comcast
2 edits | said by Dryvlyne :I think your missing an important point... quote:
The tactic, which one hacker claims is bigger than the recent DNS exploit, lets an attacker monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
You emphasized the wrong part of that sentence. I fixed it for you.
said by Dryvlyne :The real problem with the Internet, in general, is that it was built upon the presumed trust between 2 or more machines. I just don't understand how the "fathers" of the Internet couldn't have predicted that it would somehow be abused and that proper precautions should have been instituted in the first place! You do realize that the Internet was invented before most people even had a home computer. Back then there was only a handful of computers connected and all were controlled by either Government entities or Colleges. Security wasn't really an issue back then.
--
The Comcast Disney Avatar has been retired. |
|
keyboard5684
join:2001-08-01
Youngsville, PA
·Teliax VOIP
·WestPAnet Inc.
·WestPAnet Inc. CA..
| Exactly, it was "turned over" and basically bloomed from that. The government turns over a lot of technology and it is up to those that use it to do what they wish with it.
In this case, the internet, there is not a central "advisor" on this, nor should there be. The fathers of the internet have nothing to do with this problem, people do. Stop using the internet, your fu%$ing it up.
Really, the reason behind projects like Internet2 and others is to build a new "internet". A new set of standards everyone will agree to work with. Very hard to do since we cannot agree on anything (and we being everyone, every country, the world, cannot agree). BGP is easy to fix, that really is no concern.
The "fathers", if I remember correctly, did realize it would be abused. When they let the technology "go", basically made it public, it was not up to them to secure it. BGP was a protocol that came way after the "internet was invented", it was a dynamic protocol to allow efficient routing and link control. It works great. The people to "blame" if it must be are carriers and the people using BGP, they are not using it correctly. I do not even know who came up with BGP, I think Cisco but I may be wrong (at least BGP 3, 4 who ?) |
|
