|
» Intern0t HTTPS option| Register | Blogs | Members List | Search | Today's Posts | Mark Forums Read |
|
| Register | Blogs | Members List | Search | Today's Posts | Mark Forums Read |
| Site Suggestions Got an idea? Post it here. |
|
#1
16th January 2010, 03:24
| ||||
| ||||
| Intern0t HTTPS option
I was thinking, intern0t only has http server, and it's bad for client side security because somebody can mitm members and get their packets to and fro intern0t plaintext, giving away username and password. As intern0t runs on apache, I think it's easy to implement https as well as http option for security. What do you think?
__________________ s3my0n@intern0t.net:~$ whoami RuSH4ck3R  |
|
#2
16th January 2010, 16:32
| |||
| |||
| Re: Intern0t HTTPS option
If your only reason being more defence against MITM attacks then its probably pointless as the HTPS protocall is vulnerable to MITM attack also. Tunneling your HTTP traffic over SSH.
|
|
#3
16th January 2010, 17:09
| ||||
| ||||
| Re: Intern0t HTTPS option Quote:
And btw, Google spent heaps of money to just make https default protocol for their webservers. So I think there is a reason for Intern0t to do it ^^
__________________ s3my0n@intern0t.net:~$ whoami RuSH4ck3R Last edited by s3my0n; 16th January 2010 at 17:15. |
|
#4
19th January 2010, 21:37
| ||||
| ||||
| Re: Intern0t HTTPS option
Ssh tunneling xD
__________________ "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are, in short, a perfect match". |
|
#5
2nd February 2010, 18:14
| ||||
| ||||
| Re: Intern0t HTTPS option
At this point it would cost us 50$ if we want a real SSL certificate which is "trusted". If you're willing to pay 50$ then I'll be happy to add it to InterN0T :-) I can't deny however, that we might apply a SSL certificate in the future (either our own or a real "trusted" one) but at the current point it is not going to happen. I do have a SSL certificate that I can use for our VPS, but that can't be applied due to a limitation in how 1and1 is set up. However we might move host anyway.
__________________ Code: ____/____\_________________
\|/ | OMG IT'S TEH LEET STORY!! |
/*\ /\ -*- |______ ________/\_________|
// \\ / \ /|\ / \/ \ / \
/// \\\ / \ / \/ \
// \\ / \ / \o/ \ \
| | / \ / | \ \
___| |____/ \______/________/ \_______\_____\_________
/ o \
#"=-
/\
__________________________________________________________
On a mission, to find the lost member of Teh Unkwon.. |
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Article] Google changes Gmail to Default to HTTPS | agriloan | Security News and Feeds | 0 | 15th January 2010 18:29 |
| CookieMonster Released! (Https hijacking) | DeMoN | Hacking Tools & Utilities | 1 | 10th September 2008 13:20 |
Linear Mode
