hmm, its not my imagination, but I did got that message some days ago as well, since it went away after few hours, I thought it was just something, not that big.
What does this actually mean? To me, the obvious part is that people in coffee shops could be targeted. Is the most dangerous part about it to do with ISPs? They already could know what pages you visit TPB anyway, couldn't they? In Fiddler today all I seemed to see were handshakes to a secure site I host, but I couldn't see what pages or assets were requested. Do ISPs have the same problem?
exactly my question, since I'm not the security expert either.
I'm wondering, why there was no announcement about it, if it did happen few days ago (or today)
Could it be that they have something local now ? Not many SSL providers would side with them is evident.
Unless ISPs can magically decrypt HTTP requests, all they can see are sending & receiving IP and port. Without SSL, ISPs can view everything (unless tunneling or something similar to add encryption to an unencrypted protocol).
The difference between the anti-piracy and illegal porn blocks are that the porn blocks are transparant whilst the anti-piracy blocks are a clear notification page. I'm not sure if that was due to a requirement in the judgement or something else.
People do understand that the certificate expiring does not affect security or encryption in any way, right? All it means is that some registrar wants to be paid now?
1. User visits site. Gets warned about expired certificate. Tells browser to go ahead and ignore the error.
2. Later, user visits site again. This time, though, someone is doing a MITM or DNS hijack. User gets warning about certificate not matching domain. User thinks it is just the expired warning, and so tells the browser to ignore it.
"Secure" is a whole system property. The whole system includes the users and their expectations. An expired certificate changes user expectations.
20 comments
[ 4.1 ms ] story [ 49.5 ms ] threadCould it be that they have something local now ? Not many SSL providers would side with them is evident.
1. User visits site. Gets warned about expired certificate. Tells browser to go ahead and ignore the error.
2. Later, user visits site again. This time, though, someone is doing a MITM or DNS hijack. User gets warning about certificate not matching domain. User thinks it is just the expired warning, and so tells the browser to ignore it.
"Secure" is a whole system property. The whole system includes the users and their expectations. An expired certificate changes user expectations.