Page 2 of 4 FirstFirst 1 2 3 4 LastLast
Results 11 to 20 of 35

Thread: You guys should use HTTPS

  1. #11

    Join Date
    Aug 2017
    Location
    North Korea
    Posts
    114
    Thanks
    94
    Been Thanked: 160 Times

    Default

    Quote Originally Posted by British green View Post
    The most dangerous thing to us lot is the old saying lose lips sink ships . No sell no tell no smell and your golden.
    ^ this. Agree 100%.

  2. The Following 2 Users Say Thank You to Smokeful For This Useful Post:

    British green (24-08-17), M_C (24-08-17)

  3. #12

    Join Date
    Oct 2015
    Posts
    108
    Thanks
    7
    Been Thanked: 117 Times

    Default

    There's little worry as long as you put nothing out in cyber you wouldn't mind seeing in a newspaper article.

    If you do, well then, you've got security issues. And probably other, bigger issues as well.

  4. The Following User Says Thank You to acewiza For This Useful Post:

    M_C (24-08-17)

  5. #13

    Join Date
    Mar 2009
    Posts
    62,164
    Thanks
    177,527
    Been Thanked: 196,745 Times

    Default

    Quote Originally Posted by Smokeful View Post
    You can't crack an SSL encryption key, not in our lifetime anyway.
    Not wishing to burst your bubble, but HTTPS was cracked 4 year ago (Or at least that's the first time they admitted it) & there are tools available, via a quick google search, that will crack HTTPS in 30 seconds or less

    An extract form The Register:-

    Step into the BREACH: HTTPS encrypted web cracked in 30 seconds

    Online banking, webmail, shopping hacked and slurped in new crypto attack

    By John Leyden 2 Aug 2013 at 15:57

    SHARE ▼

    Black Hat 2013 A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic, say researchers.

    Secret data crucial to securing online banking and shopping can be lifted from an HTTPS channel in as little as 30 seconds, we're told.
    BREACH (short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) attacks the common Deflate data compression algorithm used to save bandwidth in web communications. The exploit is a development of the earlier Compression Ratio Info-leak Made Easy (CRIME) exploit, which also involved turning compression of encrypted web requests against users.
    The code-breaking research behind BREACH was unveiled by security researchers Angelo Prado, Neal Harris and Yoel Gluck during a presentation at the Black Hat hacking conference in Las Vegas on Thursday.
    All versions of TLS/SSL are at risk from BREACH regardless of the encryption algorithm or cipher that's in play, the trio said.
    That's only one of the tools that the Black Hats have.... makes you wonder what the NSA & GCHQ have
    It's Not What You Know, It's What You Can Prove

  6. The Following 4 Users Say Thank You to M_C For This Useful Post:

    British green (24-08-17), Bud Lightyear (24-08-17), Trex (25-08-17)

  7. #14

    Join Date
    Aug 2017
    Location
    North Korea
    Posts
    114
    Thanks
    94
    Been Thanked: 160 Times

    Default

    Quote Originally Posted by M_C View Post
    Not wishing to burst your bubble, but HTTPS was cracked 4 year ago (Or at least that's the first time they admitted it) & there are tools available, via a quick google search, that will crack HTTPS in 30 seconds or less
    BREACH didn't crack SSL keys, it exploits compression. The exploit only worked if specific conditions were met. It's a chain of vulnerabilities that make up the exploit. It's easy to defend against that.

    Trust me, it's impossible to crack AES 256. Here's a quote:

    Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space.
    Last edited by Smokeful; 24-08-17 at 06:30 PM.

  8. The Following User Says Thank You to Smokeful For This Useful Post:

    M_C (24-08-17)

  9. #15

    Join Date
    Mar 2009
    Posts
    62,164
    Thanks
    177,527
    Been Thanked: 196,745 Times

    Default

    More recently from The Register...

    AES-256 keys sniffed in seconds using €200 of kit a few inches away

  10. The Following 2 Users Say Thank You to M_C For This Useful Post:

    Trex (25-08-17)

  11. #16

    Join Date
    Mar 2009
    Posts
    62,164
    Thanks
    177,527
    Been Thanked: 196,745 Times

    Default

    But anyway, it's all getting a little geeky for the average member... suffice it to say, if the authorities want your data, then they will get it

  12. The Following 4 Users Say Thank You to M_C For This Useful Post:

    British green (24-08-17), Trex (25-08-17)

  13. #17

    Join Date
    Jul 2012
    Location
    WinterFell
    Posts
    5,017
    Thanks
    1,924
    Been Thanked: 8,576 Times

    Default

    well this is the purpose of just doing 10 plants or under..im pretty sure old bill isnt gonna want to get us nearly as bad as the big cash croppers,then u got the darknet markets that is throwing out weed and other drugs by the pounds..as already said if they want to bust u it dont matter what u got vpn,tor and fake user names they will get u

    When the snows fall and the white winds blow, the lone wolf dies, but the pack survives.


    2018 Outdoor extravaganza https://www.thctalk.com/cannabis-foru...r-extravaganza

    2017 outdoor guerilla grow https://www.thctalk.com/cannabis-foru...tdoor-escapade

    2016 guerilla grow finished https://www.thctalk.com/cannabis-foru...adventure-2016

  14. The Following 4 Users Say Thank You to kyg For This Useful Post:

    British green (24-08-17), M_C (24-08-17), Trex (25-08-17)

  15. #18

    Join Date
    Aug 2017
    Location
    North Korea
    Posts
    114
    Thanks
    94
    Been Thanked: 160 Times

    Default

    The NSA do have backdoors nobody else knows about (0days) - and I'm willing to bet they put some of them there.

    But, to be on their hit list you're a serious criminal that they're specifically targeting. That's not what I was getting it. Without HTTPS on the site you're allowing Government agencies to sift through users data at any time they like and it's all there in plain text. With HTTPS that becomes impossible.

    It was just a suggestion anyway. I work in security, and it's standard practice on every web server I provision to use SSL. It would definitely be more beneficial to use HTTPS than it would to not use it.

  16. The Following User Says Thank You to Smokeful For This Useful Post:

    M_C (24-08-17)

  17. #19

    Join Date
    Aug 2017
    Location
    North Korea
    Posts
    114
    Thanks
    94
    Been Thanked: 160 Times

    Default

    Quote Originally Posted by M_C View Post
    More recently from The Register...

    AES-256 keys sniffed in seconds using €200 of kit a few inches away
    Sniffed does mean cracked They still haven't cracked the AES-256 key. I can sniff wifi packets flying all around me, but I can't read them. They're encrypted. Same thing.

  18. The Following User Says Thank You to Smokeful For This Useful Post:

    M_C (24-08-17)

  19. #20

    Join Date
    Apr 2015
    Location
    A Green and pleasant land
    Posts
    16,142
    Thanks
    65,121
    Been Thanked: 66,662 Times

    Default You guys should use HTTPS

    All I ask is they don't use a mod/admin size hammer to open my door. I'd be happier to leave it open or open it for them . My conclusion is the more you hide stuff or try not to be seen the more people wanna find you or look at you . The best you can't see me burglar costume is a hi viz jacket steel toe caps hard hat and a clip board 😃😃😃😃 lol


    Sent from a green pleasant land
    Last edited by British green; 24-08-17 at 07:14 PM.

  20. The Following 5 Users Say Thank You to British green For This Useful Post:

    BongJovi (24-08-17), M_C (24-08-17), Smokeful (25-08-17), Trex (25-08-17)

Page 2 of 4 FirstFirst 1 2 3 4 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


THCtalk.com Disclaimer - You must be over 18 years old to view/use this site .THCtalk.com does not encourage growing Cannabis or possessing Cannabis. Learning how to grow Cannabis instructions should be for educational purposes only. All Information contained in this web site is for: Historical reference, Scientific reference and Educational purposes only. Visitors to this website are advised against breaking the law as It is illegal to smoke, grow, or possess cannabis in the UK and some US States