D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]



On Wed, 20 Nov 2013, Simon Waters wrote:
Another good reason to use HTTPS.

Https will stop the average 12 year old doing this.

Not so sure. I know a lot of HTTPS is broken, but not to the point where an adversary controlling the cables can inject packets in real time.

That's the whole thing: simply because traffic between Belgacom and LinkedIn and Slashdot goes via Cornwall, GCHQ can just sit there and inject packets when it wants to. At least that's what I understand to have happened.

You can of course do things with forged certificates and routing traffic through your servers, but that is a lot more difficult to do and easier to detect.


The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq