This site uses https aka secure http (it will run as http too but you should use https://bjoernvold.com/forum).
This means that a certificate from a third party - Comodo CA Limited - voches for it so the data transfer is secure and not intersepted.
Now this is a somwhat false security since your ISP and other "top dogs" can easily spoof and intercept SSL sites!
YOUR web browser's Internet connection MAY be intercepted by your employer, school, church, ISP or whatever organization is providing the Internet connection.
Some even offer this as a feature and call it "HTTPS inspection":
This means that your certificate is worth nothing and that a false certificate is used to break the encryption to "inspect it"
If you can avoid it?
No - you can't!
BUT... you can detect it and tell off your ISP since this is illegal in many countries (probably mandatory in the US since they seem to feel entitled to everything). ....because it is NOT POSSIBLE to COMPLETELY spoof ANY security certificate.
The public key will change when a different certificate is used to intersept the browser will be forced to use a different public key!
...And that is the key
Here is the key for this site:
37 DF DE 8D 25 4B 6F BF F3 15 3A E7 85 91 0F 4DC8 03 5E 2E
To check it in Firefox:
Click on the padlock at the far left end of the URL address bar.
Click the More “Information...” button.
Click the “Security” icon/tab at the top of the “Page Info” dialog.
Click “View Certificate”.
Verify that the certificate's name under “Common Name (CN)” exactly matches what this GRC page shows.
The SHA1 fingerprint is shown under “Fingerprints”.
If the key is diffrent then someone providing your internt is snooping - for sure (drop them!).
If it is identical everything is OK and the SSL is working as it is supposed too.
I have not ben able to find out how to check the Certificate in Chrome - so feel free to help me with that
https security information
Moderators: b1o, jkerr82508
https security information
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
"There are no stupid questions - Only stupid answers!"
- dedanna1029
- Sound-Berserk
- Posts: 8780
- Joined: 14 Mar 2010, 20:29
- Contact:
Re: https security information
Thank you for the heads up!
I'd rather be a free person who fears terrorists, than be a "safe" person who fears the government.
No gods, no masters.
"A druid is by nature anarchistic, that is, submits to no one."
http://uk.druidcollege.org/faqs.html
No gods, no masters.
"A druid is by nature anarchistic, that is, submits to no one."
http://uk.druidcollege.org/faqs.html
Re: https security information
Regarding https://viking60.no-ip.org/owncloud
I have figured out how to check the certificate in Chrome based browsers (Chromium Brave Iridium ++)
Enter this in your address bar
and enable show certificate-link
Then you can click the green lock on the top left and check the certificate.
The certificate will be auto renewed once a year or so and that will change the code above (I'll try to keep up and edit it when that happens)
I have figured out how to check the certificate in Chrome based browsers (Chromium Brave Iridium ++)
Enter this in your address bar
Code: Select all
chrome://flags/#show-cert-link
and enable show certificate-link
Then you can click the green lock on the top left and check the certificate.
The certificate will be auto renewed once a year or so and that will change the code above (I'll try to keep up and edit it when that happens)
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
"There are no stupid questions - Only stupid answers!"
- Snorkasaurus
- Berserk
- Posts: 587
- Joined: 30 Dec 2013, 19:19
- Contact:
Re: https security information
viking60 wrote:Now this is a somwhat false security since your ISP and other "top dogs" can easily spoof and intercept SSL sites!
The solution to transparent SSL/TLS interception is TLSA. It is a pain to setup, and is rarely validated, but it works just fine.
Just sayin'.
s.