1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News EFF unveils Let's Encrypt HTTPS programme

Discussion in 'Article Discussion' started by Gareth Halfacree, 19 Nov 2014.

  1. Umbra

    Umbra What's a Dremel?

    Joined:
    18 Nov 2013
    Posts:
    636
    Likes Received:
    17
    Sales maybe going up, not really surprising, but it seems that there are very few commercially available encryption products that have not been compromised.
    Probably best not to tell your customers about that ;)

    www.theguardian.com
     
  2. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,181
    Likes Received:
    1,024
    Except of course the customers of vpn services are under surveillance from the very moment they even consider using one...

    https://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html
     
  3. adam_bagpuss

    adam_bagpuss Have you tried turning it off/on ?

    Joined:
    24 Apr 2009
    Posts:
    4,282
    Likes Received:
    159
    personally its a bad ideal to use a VPN service as you are not in control of the the VPN connection or encryption keys. business that are serious about protecting data would use there own and offload the keys

    well i hope you dont bank online or use itunes or buy from amazon. I take the the above with a pinch of salt and mealy suggests not confirms with proof that these relationships exist and that backdoors are built in to products.

    I did see mention of many services for VPN which are known and again most likely down to the fact the NSA or GCHQ hold the master key after obtaining legally or illegally from said company

    It hard to obtain a key when its sat in a box that can only be accessed using 2FA locally.

    It also mentioned brute forcing using super computers which i guess ultimately is possible

    i guess overall long story short - nothing is 100% but making it as close to 100% as possible is preferable.
     
  4. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    And keep your fingers crossed that no one has brokered a deal with the manufacturer of the box to insert any weaknesses, or other exploits. :worried:
     
  5. exceededgoku

    exceededgoku What's a Dremel?

    Joined:
    19 Oct 2006
    Posts:
    75
    Likes Received:
    0
    If it takes you 2-3 hours to install an SSL certificate you should not be hosting a 'secure' website.
     
  6. Bionic-Blob

    Bionic-Blob What's a Dremel?

    Joined:
    2 Aug 2007
    Posts:
    83
    Likes Received:
    0
    It's referring to the time taken to obtain the certificate, not install it.
     
  7. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,181
    Likes Received:
    1,024
    And if that fails they simply drop some spyware on your system, doesn't really matter then if they have access to the encryption you use for your communication.
     

Share This Page