Author Topic: https  (Read 5103 times)

weVeg

  • Hero Member
  • *****
  • Posts: 737
on: November 12, 2012, 06:39:48 PM
Why isn't there a version of the site with https? Can we improve that?

ciao dears
« Last Edit: November 12, 2012, 06:53:33 PM by weVeg »

A free voice is always liberating
under_r00t


r083rt

  • Guest
Reply #1 on: November 12, 2012, 07:06:07 PM
It's not really required .. all security begins and ends at htaccess in a sense .. & cpanel configurations, or if it's installed on your own managed server then you have pretty much full control of how it operates and is secured.

It's not hard to create or impersonate an SSL cert.

If it's the user you're thinking of for a secure login ? ;D  ..... having SSL is not designed to stop the site from getting hacked ? i.e. gaining access
It might add a small bit of added security, but it's more for peace of mind for the user, but it's really not necessary, we ain't buying anything. It's more for a webpage or site that deals with money transfers, and even that's not safe with https, so in a sense it's pointless.


It's also a sign that you don't know what you're doing if you're adding one to a pentest website !!
But hey ... if they want to add it .. it's no harm !!!  :-[

Valid question, just not required ... weVeg, no offence meant, just answering the question !!!
« Last Edit: November 12, 2012, 07:27:24 PM by r083rt »



weVeg

Reply #2 on: November 12, 2012, 09:41:14 PM
So, I know that it's simple to replace an SSL cert and spoof, therefore to have or not https might be useless... but "why not"?
What you said is right, but for a simple "good stuff to do", surfing the web with https is the one....
I have the Firefox add-on HTTPS Everywhere and I was looking for the https version of the site, but I didn't find it, hence my question!



r083rt

  • Guest
Reply #3 on: November 12, 2012, 10:53:00 PM
Bro, HTTPS Everywhere does not stop sslstrip  :P   ;D
Putting https on every site might make it a little slower and a little harder, but in essence it doesn't stop sslstrip.
I've done some testing with HTTPS Everywhere and it's not worth it, and it has trouble loading a lot of sites and has some conflicts.
It's a gimmick not worth the editor it was written on .. all those sort of plugins are junk !!!!!

If you want some level of security...  tunnel your traffic through a shell, use SDF or some other one; there are a good few good free shells out there.


Quote
therefore to have or not https might be useless... but "why not"?

CASE IN POINT  :D
I hear what you're saying, but if it's a case of just having https for the sake of having https, is there really a point ??

WHY NOT? Well, if it's pointless why use it .. it serves no purpose, leave the SSL cert to the likes of sites that think it's secure !!





« Last Edit: November 12, 2012, 11:35:00 PM by r083rt »



weVeg

Reply #4 on: November 12, 2012, 11:43:42 PM
Bob (can I call you Bob??), again, what you said is right, ok! We even know that security doesn't exist, so then why use antivirus? Why use a firewall? Why harden the kernel or all that stuff??? Why protect ourselves??? I know that I'll be dead, but I won't kill myself tonight for this reason!!!
We can "fry the air" all night long with this post, you know?!?!?!? =)



r083rt

  • Guest
Reply #5 on: November 12, 2012, 11:53:25 PM
I'll allow you the privilege of calling me Bob   ;D

OK, so what can I say, I'm not trying to diss your post, I'm just saying that https on a pentest website is pointless,
and https plugins etc. etc. are useless, and to get some security use an open shell and tunnel your traffic, and that too can be intercepted.
What can I say except lock your door and don't go outside or touch the computer, phone or talk to anyone; that way you are 100% secure.


You'll starve to death, but hey, you'll be secure  ;D

OK, I'll leave this post like this. If you want to ask the admins to buy an SSL cert and stick it on the site :)  do so.

Will this make you happy, brother !!! CAN WE AGREE TO DISAGREE  :P
« Last Edit: November 12, 2012, 11:57:22 PM by r083rt »



ZEROF

  • Hero Member
  • *****
  • Posts: 1245
    • Pen Tester
Reply #6 on: November 14, 2012, 10:28:43 PM
Hi bro,

I was away from the internet for almost 2 weeks and now I'm trying to check what is going on around the community. About SSL, that is what I call "one more service to pay" :). Nothing against it for sure, but the BBox community uses a CDN (content delivery network), which is a good firewall for the site and forum. SSL is good to have in the future, but at this point I don't know if we can or need to spend money on it. I got some mail from hosting providers that I need to check, and I have a friend who will try to provide us with one server or VPS for the BBox community, but first I need to check all mails from the last 2 weeks. I was on a trip and I need to take care of many things, hope to see some good news in my mails :).


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*