Internet inherently insecure and browsing is vulnerable to MITM attacks

[icecream-guy]

 


Systems Affected

All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected........


https://www.us-cert.gov/ncas/alerts/TA17-075A

[deanwebb]

This is why we can't have nice things on the network...

[LynK]

TL;DR configure your crap correctly.

[ggnfs000]

More than 15 years ago, at a time when I haven't started my first computer science class, there was a lotus developer guy, friend of my Jewish host family. He said to me a quite a few good advices and stories of becoming sw engineer and meantime he kinda uttered one phrase which was, essentially "oh btw, I can hack into any computer network" , that was it. He did not even say it with bravado /just observing his tone of voice, they way he said and gestured/ rather he just kind of said that perhaps resemble someone is slipping a letter under a door or something. I mean I haven't even started my study but at least I knew but that time, man this guy ain't one of those prominent software engineer, or good talkers on media, he was just one of possibly hundreds and thousands of similar engineers around the country, very normal guy, well-rounded. So I thought if a regular guy like him says that computer network security must be really f**d up.

But regarding the guy, I might be wrong, he might have been an excellent engineer, he could be anything but ordinary, his outlooks and looks were nothing special.

[deanwebb]

It's not all that hard, if one is on the inside. That's why organized crime likes to get a guy working for them on the inside.

[ggnfs000]

Yes one mole or disgruntled employee is all it takes. Why spend billions on brute force or similar attacks when you can bribe the corrupt employee w mere million.

[deanwebb]

Yes one mole or disgruntled employee is all it takes. Why spend billions on brute force or similar attacks when you can bribe the corrupt employee w mere million.

Thousands or hundreds, even. The steps involved in compromising a person typically involve getting that person to do something that crosses a line and getting documentation about it, then letting the target know about the documentation. Then make a proposition: no need to worry as long as we keep getting what we want from you. Water under the bridge. No worries at all. What is unsaid is that if you go to the authorities, you will be destroyed and ruined. So, if you stay with them, you get a comfortable bump in your salary with your freelancing work and also avoid prison, divorce, loss of custody, and an IRS audit following asset seizure.