Google provides detailed analysis of Github attack traffic

Discussion in 'privacy problems' started by Minimalist, Apr 25, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    https://threatpost.com/google-provides-detailed-analysis-of-github-attack-traffic
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    "Would not have been possible" - Even if that is true, it doesn't mean TLS is foolproof or efficient.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    No it doesn't. But it sure makes some attacks more difficult to pull off.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Is there really anything to attack on every single website though? That is worth the overhead? That is the point I'm trying to get across.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    It depends. If a user (or a company) is a victim of targeted attack all their http connections to outside world could be manipulated by MITM. This would be harder to achieve if all traffic would be https instead of http. OTOH such attacker could probably easily use stolen certificates to try to hide their MITM actions.
    Encrypting all traffic would raise a bar for agencies that try to carry out mass surveillance. Is it worth? I don't know, you tell me.

    EDIT: I also found out this on EFF site:
    https://www.eff.org/https-everywher...te-to-support-HTTPS-compared-to-regular-HTTP?
     
    Last edited: Apr 26, 2015
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Yep, https adds very little to overhead. I think its mostly lazy website admins that don't want to mess with setting it up, and that isn't too tough either.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
Loading...