| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Oct 2007 10:24:47 -0400 From: <full-disclosure@...hmail.com> To: <hhoffman@...solutions.net> Cc: kristian.hermansen@...il.com, full-disclosure@...ts.grok.org.uk Subject: Re: extension for Firefox to force HTTPS always? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear 3APAPA, In the English language, the words criticism and suggestion are not synonyms. If you could please kindly point out where Vladis makes a suggestion (anywhere, anytime), or says anything constructive (anywhere, anytime), or anything remotely clever (anywhere, anytime) I would greatly appreciate it. I am however impressed with your use of advanced computer hacking tools such as host, openssl, and tcpdump in the Linux computer hacking environment. I feel your pain on the icmp issue as well. Some people are just ratfuck bastards. Cheers! On Fri, 12 Oct 2007 22:12:08 -0400 Harry Hoffman <hhoffman@ip- solutions.net> wrote: >what is wrong with his suggestion? > >If you look at the situation the following things happen: > >[hhoffman@...alhost ~]$ host www.cnn.com >www.cnn.com has address 64.236.16.20 >www.cnn.com has address 64.236.16.52 >www.cnn.com has address 64.236.24.12 >www.cnn.com has address 64.236.29.120 >www.cnn.com has address 64.236.91.21 >www.cnn.com has address 64.236.91.22 >www.cnn.com has address 64.236.91.23 >www.cnn.com has address 64.236.91.24 >Host www.cnn.com not found: 3(NXDOMAIN) > > >[hhoffman@...alhost ~]$ openssl s_client -connect www.cnn.com:443 > > >[root@...alhost ~]# tcpdump -i wlan0 -ln tcp port 443 and net >'64.236' >tcpdump: verbose output suppressed, use -v or -vv for full >protocol decode >listening on wlan0, link-type EN10MB (Ethernet), capture size 96 >bytes >22:02:32.427607 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102380687 >0,nop,wscale 7> >22:02:35.427467 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102383687 >0,nop,wscale 7> >22:02:41.427496 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102389687 >0,nop,wscale 7> >22:02:53.427470 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102401687 >0,nop,wscale 7> >22:03:17.427469 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102425687 >0,nop,wscale 7> >22:04:05.427466 IP 192.168.1.103.35113 > 64.236.24.12.https: S >2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp >102473687 >0,nop,wscale 7> >22:05:41.427556 IP 192.168.1.103.47627 > 64.236.29.120.https: S >2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp >102569687 >0,nop,wscale 7> >22:05:44.427467 IP 192.168.1.103.47627 > 64.236.29.120.https: S >2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp >102572687 >0,nop,wscale 7> >22:05:50.427472 IP 192.168.1.103.47627 > 64.236.29.120.https: S >2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp >102578687 >0,nop,wscale 7> >22:06:02.428441 IP 192.168.1.103.47627 > 64.236.29.120.https: S >2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp >102590687 >0,nop,wscale 7> > > >If there are a ton of addresses associated with the hostname >record >you'd be sitting there for a long time, no? > >It'd be nice if sites sent a unreachable message but some ppl >still >believe that blocking all ICMP is ok... > >go figure. > >Cheers, >Harry > > >full-disclosure@...hmail.com wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> MAYBE YOU HAVE A SUGGESTION OR SOMETHING CONSTRUCTIVE TO SAY >AFTER >> ALL THESE YEARS VLADIS OR MAYBE YOU SHOULD SHUT THE FUCK UP!!! >> >> YOU AREN'T SMARTER THAN WE THINK YOU ARE >> >> On Fri, 12 Oct 2007 21:55:37 -0400 Valdis.Kletnieks@...edu >wrote: >>> On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said: >>>> I just wanted to clarify that I am looking for an extension >that >>> will >>>> rewrite all encountered HTTP references in Firefox to HTTPS. >I >>> would >>>> already have a firewall or some other layer7 filtering device >>> blocking >>>> unencrypted traffic. The addon "Better Gmail" does something >>> similar >>>> to this, with the "force HTTPS" option, but not exactly... >>> What should this hypothetical extension do if it automagically >>> redirect >>> http: to https:, but the target server is something that is >only >>> listening >>> on port 80 because it doesn't have https: enabled? >>> >>> https://www.cnn.com just sorta sits there for me. >> -----BEGIN PGP SIGNATURE----- >> Note: This signature can be verified at >https://www.hushtools.com/verify >> Charset: UTF8 >> Version: Hush 2.5 >> >> >wpwEAQECAAYFAkcQJ40ACgkQ+dWaEhErNvQjfAQAhvRta2YldG0s+RPwOOYQJhmavq4 >c >> >uo/dTsCd3EQy6yQru6oGcmWR7CdCo8EvwoTpB0EwLgVW4z7/lujiayEMECV4zejTNzt >w >> >NSabygNoko5I8wh5trmqvoSb4RfPW79qEWLgTosECR1dsCu5FfXuKZhgQwbweWpi09g >h >> zDPTvGg= >> =jxe7 >> -----END PGP SIGNATURE----- >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcQ1S8ACgkQ+dWaEhErNvTKWQP9FkS3CGP5+EN4cTf8WUbmbJfbJ4cP ZfizqYMy71CpaBYa/Nrwb8k4rGuuy6A3dOOErMTFrei9y7nj8NJCTAc7xjgQQnsibq2u WlC4FqPqciFs614cbQskiX6za88UGz6SktWGMz8N29UD4Y02SDHwbalER153pGfGCey8 wTOFQaI= =mH+r -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists