*URGENT* semi encrypted web pages

Discussion in 'privacy problems' started by Raven007140, Jun 8, 2012.

Thread Status:
Not open for further replies.
  1. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    Can malware be used to prevent a page from being fully encrypted?

    Visited a site through tor browser and didn't show any warnings, then when I returned it said some of this site may not be encrypted...could a bad node intercepted the SSL certificate and adjust it to change the encryption?
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Not all websites use full SSL/TLS encryption means.This happens due to some websites chosing not to for performance reasons. Sometimes static content that is not specific to the user or transaction in question is not private and usually delivered through a non-crypted front server or separate server instance with no protection.
     
  3. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    But why does it only occasionally show the warning? And as I understand it if not all data is secure there are ways to unencrypt that which has been encrypted?
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I am unsure what the website in question was, or how you returned to it, though it sounds like you had an encrypted session going with the website, and closed out of the session only to return and redirected to perhaps an unencrypted main page? I know by default the Tor bundle does not keep cookies after a session is closed.

    Could the unsecure information be used to make inferences about the encrypted connection? Absolutely. Can it be used to decrypt a session? No it cannot.
     
  5. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    Credit card info was sent, will it be safe or should I cancel the card?

    -http://store.origin.com/store/easa/en_IN/cat/battlefield/categoryID.12438300-

    The section to enter the credit card info is HTTPS and was when I visited but occasionally it gives a warning message saying not all info is encrypted
     
    Last edited by a moderator: Jun 8, 2012
  6. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    Also if I open the page info in firefox it shows everything is being sent by https: yet still give the error??

    *sorry for double post but would not let me edit last post*
     
  7. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    You're card information appears to be safe, well safe in transit anyway the site does use proper ssl for payment. I noticed the site does not support SSL natively and if you are using HTTPS everywhere or some variation to that add-on, browser alerts are triggered. I would highly advise you to weigh risks of sending PII/PHI/Financial information over Tor. Tor is meant for anonymity not privacy, and if such information is being passed to a server, anonymity is not achieved either and Tor is not needed and puts the user at greater risk.
     
  8. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    On another thread I read that SSL secures the info from the exit node and tor itself secures the data through the other nodes, so it should be secure?

    Was using tor to bypass a regional block on the website, it was that or a public proxy
     
    Last edited: Jun 8, 2012
  9. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Pages that require the end user (you) to enter PII and banking information utilize valid certificates and whole page encryption sessions. The Tor exit node would not have sniffed any financial information in clear text.
     
  10. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    Thank you for your assistance, I was/am really worried.
     
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    What are you still concerned about? I'd be more than happy to help you understand any concepts you are unsure or clear about.
     
  12. Raven007140

    Raven007140 Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    9
    Thanks but you have answered all the questions I had. Again, thank you, I really appreciate your help.
     
Loading...
Thread Status:
Not open for further replies.