Peter wrote:
Sure you can be, but who cares? Hey, somebody could spoof me on EuroGA. Might be an improvement
I care because many social engineering attacks are based on impersonation. Social engineering attacks are one of the most important starting points for hacking.
The new certificate is installed and the site will redirect all requests to HTTPS now. There are a few protocol improvements still to be made, but they require other updates which are still in the pipeline.
I care because many social engineering attacks are based on impersonation. Social engineering attacks are one of the most important starting points for hacking.
Aren’t those done mostly by email or IM?
Example: you see that somebody is posting pics somewhere whose EXIF reveals they were taken with a Nikon D800 camera, so you email them saying there is a new firmware for their D800 camera, and trick them into downloading a self-extracting installer Etc. I once got a Cisco “penetration specialist” to try to hack my peter2000.co.uk website and while he could not he did tell me of a few common social engineering exploits like that.
That is one reason why FB etc strip off EXIF; the other is anti stalking (GPS location etc). Also this strips off copyright messages which is equally important to FB
And with an ADSL router anybody can get the model #, without you having to post pics anywhere.
I’m getting issues today (started mid morning)
Showing as “Not secure” on the address bar, and also had the annoying chrome warning a couple of times.
It’s been fixed now. It was a time-expired certificate.
In Firefox you can create an exception but Chrome doesn’t allow it.