When I hear "Steve Gibson" I usually giggle a bit and move right along. I think "Raw Sockets" when I hear Steve Gibson's name. However..... That was a good read. `
That was a great read. Can't help but notice that Wilder's does not employ the EV (extra verification) certificates. Admins - would that be much more overhead or why are they not in play here? Just curious since this place is all about security.
Because HTTPS isn't that important for a site like Wilders. There is no CC info being used and almost everything is public. That's why the SSL is the way it is.
I am not sure I agree with that statement. I suppose its relative for each member here. I'll grant you its not like logging into your Bank, but end to end encryption is really nice for peace of mind. HTTPS is just that - assuming - you are actually logged into the site you think you are. The EV aspect removes any possibility that someone/something is sitting in the middle and brokering your traffic in both directions. I don't want a "middleman" (sitting after my exit node) knowing that I am Palancar while I am logged in here or anywhere. Sure my tunnel protects going backwards, but I prefer to know the exit node to the end forum post is encrypted without question. I am not losing sleep, it would be a nice addition if the costs and overhead where small. In the meantime is there a way to log in somewhere here to find out the site's actual certificate fingerprint so I would know for sure by glancing in the browser?? I can see mine in a second but I would need to save the actual for comparison to be SURE. Easy to do.
There is a vBulletin FAQ that always shows the current self-signed certificate's fingerprints... https://www.wilderssecurity.com/faq.php?faq=wilders_custom_faqs#faq_wilders_ssl_tls_use Within that article, there are links to a few previous posts/threads of mine that explain my reasons for going with a self-signed certificate. (There is always a thread about it in General Topics in March of each year, which is when a new 1-year cert is installed.) The current year's cert is noted in this post, which includes both the text of the fingerprint and an image picture of it, as well. https://www.wilderssecurity.com/showpost.php?p=2205579
Thank you for the explanation. It makes perfect sense. Several of the sites I participate on have "self signed" certificates. I have noted your cert. fingerprints for my use. Rather take a few seconds and be safe. Its an easy habit to get into. This is really a great site with helpful folks. I try to help when I can as well. Awesome reliability so cudo's to Wilder's!!!!!!!!!!!
I agree. He has, at times, been the Chicken Little of the Internet. Those concerned with the subject matter of this thread may want to look at a couple of browser plugins designed to help alert you to the fact that someone [not necessarily your provider or place of work] may have compromised your connection to a secure website: - Convergence - Perpsectives There's also CertPatrol, though it's probably less useful if you start using it on a network that already has an SSL proxy in place.
Hey dear LockBox, Maybe we have to agree to disagree a little bit, my friend. When I hear "Steve Gibson", I think of the old days and of ShieldsUP!, LeakTest, Shoot The Messenger, UnPlug n' Pray, SpinRite, and more. (There was a now abonded program, made by Albert and based on the ideas of Joseph and with input by others, that was a direct "result" of LeakTest. We had a, now archived, sub-forum for it here. That was long before the HIPS times. Remember: how do you know that program A, that wants outbound connection, is actually program A and not malware program B). I think of that old PCHelp case that caused such an "uproar" and for which Steve created a special sub-forum (believe me, that was a hot topic back in those days). I think of very dear old friends here; some of them were very active on Steve's forums. Oh well, each has his/her memories of old days. Sometimes it is good to know about history. We have historians for that - back to topic -
We need more "Chicken Littles", I think. Reality keeps turning out far stranger than most had imagined