Do you have any corporate policy that explicitly distrusts the "Entrust Root Certification Authority - G2" or the "Entrust Certification Authority - L1K" which have been valid and trusted since 2009 and 2012 respectively?
Come back and tell us more after you know what those questions mean and can answer them.
Baer always seems to have bizarre problems that _no_one_else_ever_ experiences ;-) ...Jim Thompson
That is a good question. Unfortunately an increasing number of people don't get that. They even broke down the remaining trust in the certificate system to have it their way.
I do not use (may I swear) IE; but the latest SeaMonkey and Firefox post that "error" message. Except for volume commercial HTTPS: (banks etc.), one gets that message (and it is browser age independent).
There was this character in the old ?Abner? cartoon named Bfxqk or something that always had a dark, rainy cloud over his head. For me, there is always something going wrong. One time (do not ask how), my system date got mangled to something like millions (or so) years in the future.
There's public and then there's public. For instance, last month somebody hacked the public Linux Mint download site and put a backdoored ISO image on it.
Also note that MITM attacks are a tiny proportion of attacks. They do occur, and sometimes they are part of the more advanced attacks, but they are a minor nuisance for most people.
The trouble with doing a MITM attack is that you need to get in the middle!
If you are trying to do a MITM attack on someone using a home PC to communicate with a web server somewhere, you need to have hacked into some system along that path - the user's home router, the user's ISP, the backbone providers, the server's ISP, or some system at the server end. If you can attack the server end, you don't need an MITM attack - you are already "in". ISPs usually have pretty tight security, precisely because they can be a target for such attacks. And generally trying to get into home routers is going to be a huge amount of effort for very little possible return.
Where MITM attacks are possible, and where they work, is by setting up fake Wi-Fi hotspots. People can connect to them from their mobiles or laptops, and their traffic passes through your hotspot. So with mobiles, you have to be aware of this - that's why mobile-oriented services like Google and Facebook are very keen on https.
Since no one downloads a Linux Mint ISO from their mobile, MITM attacks on the Mint website are pretty much irrelevant, as is using https rather than http.
Indeed! MITM via a rogue WiFi spot will easily get you a number of passwords for home users (because people are running plain POP3 to get their mail), but to get the password of a Mint maintainer this way, you would need to MITM exactly HIS connection, not that of a random person. This will be much more difficult to achieve.
Still, I think it is unwise to run an important website on a CMS that allows maintenance by logging in from an "outside" connection. (i.e. via the same path as the visitors use)
Website maintenance should be done from inside, or when there is no inside (e.g. because it is hosted at some internet provider), a VPN or similar should be used, with 2-factor authentication. This makes it really irrelevant if the outside of the site is running https or not.
Furthermore, past experience has shown that it is unwise to use a free PHP-based CMS. They can be built in a secure way, but not by the people who normally take on that job. (and with the features they choose to implement)