HTTPS

bronco21016 · Jun 30, 2013

Just my typical paranoia since the NSA stuff.... I noticed Jetcareers doesn't use SSL/TLS at all. Any chance of having that feature? I guess it probably costs more since you need a Certificate Authority and the content of the forums isn't usually super sensitive data but maybe your host offers it for free? Just curious.

derg · Jun 30, 2013

bronco21016 said:
Just my typical paranoia since the NSA stuff.... I noticed Jetcareers doesn't use SSL/TLS at all. Any chance of having that feature? I guess it probably costs more since you need a Certificate Authority and the content of the forums isn't usually super sensitive data but maybe your host offers it for free? Just curious.

it's available, but man, having to deal with everyone's certificate issues on potentially non-compliant browers would be a nightmare.

Plus, if the Feds are after you, all of the CA/TLS/HTTPS isn't going to amount to a hill of beans.

It largely protects you from the small change miscreant hackers, but on a grand scale, once data goes digital it's not that secure.

Screaming_Emu · Jun 30, 2013

Derg said:
it's available, but man, having to deal with everyone's certificate issues on potentially non-compliant browers would be a nightmare.

Plus, if the Feds are after you, all of the CA/TLS/HTTPS isn't going to amount to a hill of beans.

It largely protects you from the small change miscreant hackers, but on a grand scale, once data goes digital it's not that secure.

Exactly. While I'm not pleased with it, am I the only one who when the news came out about the NSA said "duh..."?

derg · Jun 30, 2013

Screaming_Emu said:
Exactly. While I'm not pleased with it, am I the only one who when the news came out about the NSA said "duh..."?

That makes two of us!

drunkenbeagle · Jun 30, 2013

bronco21016 said:
Just my typical paranoia since the NSA stuff.... I noticed Jetcareers doesn't use SSL/TLS at all. Any chance of having that feature? I guess it probably costs more since you need a Certificate Authority and the content of the forums isn't usually super sensitive data but maybe your host offers it for free? Just curious.

You can accept a self-signed certificate from Doug, which would be just as secure (and free).

BUT, there isn't really much point, since everything posted here is public anyway.

drunkenbeagle · Jun 30, 2013

Screaming_Emu said:
Exactly. While I'm not pleased with it, am I the only one who when the news came out about the NSA said "duh..."?

It has long been suspected that the NSA was doing exactly that, but there was no public debate about it. As long as it was a "National Security Secret," there is really not public discourse about it.

From what I have seen, in the last few years, there has been a massive, huge, explosive growth in the amount of data analysis and storage going on inside the government. (Public knowledge, take a look at how many Hadoop/MySQL/Oracle/Bigdata job openings there are that require security clearances). Part two, there are so many security clearances being handed out (5 million at last count), that it is a matter of time before data gets leaked (like why it is in the news right now). And what we don't hear about, when the data gets sold to foreign governments.

With "Big Data" analysis, there is not good way to compartmentalize data. If you are going to collect a massive amount of sensitive data, it is only valuable to analysts if they can query huge amounts of it. Lots of analysts, and it only takes a few bad apples to misappropriate it.

bronco21016 · Jun 30, 2013

drunkenbeagle said:
BUT, there isn't really much point, since everything posted here is public anyway.

Didn't really think of that but yea the whole forum is public except for a few spots. Oh, and free registration.

Derg said:
it's available, but man, having to deal with everyone's certificate issues on potentially non-compliant browers would be a nightmare.

Plus, if the Feds are after you, all of the CA/TLS/HTTPS isn't going to amount to a hill of beans.

It largely protects you from the small change miscreant hackers, but on a grand scale, once data goes digital it's not that secure.

The NSA paranoia is just what triggered the thought. What I'm really after is making sure Adler isn't stealing my JC password in the DTW crew room!

Adler · Jun 30, 2013

bronco21016 said:
The NSA paranoia is just what triggered the thought. What I'm really after is making sure Adler isn't stealing my JC password in the DTW crew room!

Lucky for you I don't have access to the DTW crew room.

Autothrust Blue · Jul 1, 2013

drunkenbeagle said:
You can accept a self-signed certificate from Doug, which would be just as secure (and free).

Yeah, how about no, okay?

related:

SpiraMirabilis · Jul 4, 2013

I have to disagree with Doug here, TLS security is very robust. Even with the large supercomputer bank the NSA surely has I imagine it would be difficult for them to crack it.

derg · Jul 4, 2013

SpiraMirabilis said:
I have to disagree with Doug here, TLS security is very robust. Even with the large supercomputer bank the NSA surely has I imagine it would be difficult for them to crack it.

For a public forum? What in the world would the NSA see, sans https that Google doesn't index daily?

I'm very interested in what I'm apparently missing here.

Autothrust Blue · Jul 4, 2013

Derg said:
For a public forum? What in the world would the NSA see, sans https that Google doesn't index daily?

I'm very interested in what I'm apparently missing here.

Authentication tokens should be passed over TLS, but whatever.

HTTPS

bronco21016

I know H.T.M.L. (How To Meet Ladies)

derg

Apparently a "terse" writer

Screaming_Emu

Well-Known Member

derg

Apparently a "terse" writer

drunkenbeagle

Gang Member

drunkenbeagle

Gang Member

bronco21016

I know H.T.M.L. (How To Meet Ladies)

Adler

Guest

Autothrust Blue

Welcome aboard the Washington State Ferries

SpiraMirabilis

Possible Subversive

derg

Apparently a "terse" writer

Autothrust Blue

Welcome aboard the Washington State Ferries