Wilders Security Forums  

  #1  
Old June 8th, 2012, 02:01 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default *URGENT* semi encrypted web pages

Can malware be used to prevent a page from being fully encrypted?

Visited a site through Tor Browser and it didn't show any warnings, then when I returned it said some of this site may not be encrypted... could a bad node have intercepted the SSL certificate and adjusted it to change the encryption?
  #2  
Old June 8th, 2012, 02:06 PM
EncryptedBytes EncryptedBytes is offline
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: *URGENT* semi encrypted web pages

Not all websites use full SSL/TLS encryption means. This happens due to some websites choosing not to for performance reasons. Sometimes static content that is not specific to the user or transaction in question is not private and is usually delivered through a non-encrypted front server or separate server instance with no protection.
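
The warning discussed in this thread is the browser's mixed-content notice: an HTTPS page that loads some subresources over plain HTTP. The following Python check is an added example, not part of any poster's message; it lists such subresources in a page's HTML, and the URLs and markup in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> (URL attribute, category). "active" content can rewrite the page;
# "passive" content (images, media) can only be observed or swapped in transit.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "link": ("href", "active"), "form": ("action", "form"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return
        attr, category = SUBRESOURCES[tag]
        attrs = dict(attrs)
        value = attrs.get(attr)
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are treated as loaded content here
        # Relative and protocol-relative URLs inherit the page's scheme.
        absolute = urljoin(self.page_url, value)
        if urlparse(absolute).scheme == "http":
            self.findings.append((category, tag, absolute))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (not the real markup of any site in this thread).
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example/lib.js"></script>
<img src="http://static.example/banner.png">
<script src="http://static.example/track.js"></script>
<form action="https://shop.example/pay" method="post"></form>
"""
```

On the sample, only the image and the tracking script are reported; the relative stylesheet, the protocol-relative script and the HTTPS form target inherit or already use HTTPS.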
  #3  
Old June 8th, 2012, 02:09 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

But why does it only occasionally show the warning? And as I understand it if not all data is secure there are ways to unencrypt that which has been encrypted?
  #4  
Old June 8th, 2012, 02:16 PM
EncryptedBytes EncryptedBytes is offline
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: *URGENT* semi encrypted web pages

Quote:
Originally Posted by Raven007140
But why does it only occasionally show the warning? And as I understand it if not all data is secure there are ways to unencrypt that which has been encrypted?

I am unsure what the website in question was, or how you returned to it, though it sounds like you had an encrypted session going with the website, and closed out of the session only to return and be redirected to perhaps an unencrypted main page? I know by default the Tor bundle does not keep cookies after a session is closed.

Could the unsecure information be used to make inferences about the encrypted connection? Absolutely. Can it be used to decrypt a session? No it cannot.
  #5  
Old June 8th, 2012, 02:42 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

Credit card info was sent, will it be safe or should I cancel the card?

-http://store.origin.com/store/easa/en_IN/cat/battlefield/categoryID.12438300-

The section to enter the credit card info is HTTPS and was when I visited but occasionally it gives a warning message saying not all info is encrypted

Last edited by JRViejo : June 8th, 2012 at 02:53 PM. Reason: De-linked URL - JRViejo
  #6  
Old June 8th, 2012, 02:56 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

Also if I open the page info in Firefox it shows everything is being sent by https: yet it still gives the error??

*sorry for double post but would not let me edit last post*
  #7  
Old June 8th, 2012, 03:24 PM
EncryptedBytes EncryptedBytes is offline
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: *URGENT* semi encrypted web pages

Quote:
Originally Posted by Raven007140
Credit card info was sent, will it be safe or should I cancel the card?

-http://store.origin.com/store/easa/en_IN/cat/battlefield/categoryID.12438300-

The section to enter the credit card info is HTTPS and was when I visited but occasionally it gives a warning message saying not all info is encrypted

Your card information appears to be safe, well, safe in transit anyway; the site does use proper SSL for payment. I noticed the site does not support SSL natively and if you are using HTTPS Everywhere or some variation to that add-on, browser alerts are triggered. I would highly advise you to weigh the risks of sending PII/PHI/Financial information over Tor. Tor is meant for anonymity not privacy, and if such information is being passed to a server, anonymity is not achieved either and Tor is not needed and puts the user at greater risk.
  #8  
Old June 8th, 2012, 03:27 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

Quote:
Originally Posted by EncryptedBytes
Your card information appears to be safe, well, safe in transit anyway; the site does use proper SSL for payment. I noticed the site does not support SSL natively and if you are using HTTPS Everywhere or some variation to that add-on, browser alerts are triggered. I would highly advise you to weigh the risks of sending PII/PHI/Financial information over Tor. Tor is meant for anonymity not privacy, and if such information is being passed to a server, anonymity is not achieved either and Tor is not needed.

On another thread I read that SSL secures the info from the exit node and tor itself secures the data through the other nodes, so it should be secure?

Was using tor to bypass a regional block on the website, it was that or a public proxy

Last edited by Raven007140 : June 8th, 2012 at 03:33 PM.
  #9  
Old June 8th, 2012, 03:31 PM
EncryptedBytes EncryptedBytes is offline
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: *URGENT* semi encrypted web pages

Quote:
Originally Posted by Raven007140
What do you mean by proper SSL?

Pages that require the end user (you) to enter PII and banking information utilize valid certificates and whole page encryption sessions. The Tor exit node would not have sniffed any financial information in clear text.
  #10  
Old June 8th, 2012, 03:46 PM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

Thank you for your assistance, I was/am really worried.
  #11  
Old June 8th, 2012, 03:56 PM
EncryptedBytes EncryptedBytes is offline
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: *URGENT* semi encrypted web pages

Quote:
Originally Posted by Raven007140
Thank you for your assistance, I was/am really worried.

What are you still concerned about? I'd be more than happy to help you understand any concepts you are unsure or unclear about.
  #12  
Old June 9th, 2012, 02:28 AM
Raven007140 Raven007140 is offline
Infrequent Poster
 
Join Date: Jun 2012
Posts: 9
Default Re: *URGENT* semi encrypted web pages

Thanks but you have answered all the questions I had. Again, thank you, I really appreciate your help.
 

All times are GMT -4.