Isthmus enables the 'man in the middle'

Comments on the paper, the website, the mobile site and all other Isthmus-generated products go here.
Mad Howler
Forum God/Goddess
Posts: 2247
Joined: Wed Apr 04, 2012 8:36 pm
Location: Wisconsin for now

Isthmus enables the 'man in the middle'

Postby Mad Howler » Sun Jan 21, 2018 11:24 pm

WTF is your problem?
This ain't about securing credit card data.
[http://forum.isthmus.com]
That https thing matters even more in discourse - unless not providing it matter more to your bottom line.
MH

gargantua
Forum God/Goddess
Posts: 11046
Joined: Sat Apr 13, 2002 1:30 pm
Location: Madison

Re: Isthmus enables the 'man in the middle'

Postby gargantua » Sun Jan 21, 2018 11:40 pm

I'm lost here. I admit it. Could you elaborate for those of us who may not have any idea what you're talking about?

Mad Howler
Forum God/Goddess
Posts: 2247
Joined: Wed Apr 04, 2012 8:36 pm
Location: Wisconsin for now

Re: Isthmus enables the 'man in the middle'

Postby Mad Howler » Sun Jan 21, 2018 11:51 pm

https://developers.google.com/web/funda ... /why-https
https://letsencrypt.org/docs/faq/

Open your eyes- this ain't perfect protection but wake up.

DCB
Forum God/Goddess
Posts: 5384
Joined: Fri Jun 20, 2008 5:08 pm

Re: Isthmus enables the 'man in the middle'

Postby DCB » Mon Jan 22, 2018 12:20 am

MH - throwing around links isn't a help. If you really think this issue is important, you should try explaining your concerns in simple, declarative sentences.

gargantua - he's referring to the fact that the URL for TDPF begins with 'http', not 'https'. Which means traffic to and from the server is not encrypted. Potentially someone could capture your TDPF password.

Just imagine if that happened -someone could post malicious things in your name!

I suppose the real problem might be if you used the same password for something actually important, e.g your bank.

Mad Howler
Forum God/Goddess
Posts: 2247
Joined: Wed Apr 04, 2012 8:36 pm
Location: Wisconsin for now

Re: Isthmus enables the 'man in the middle'

Postby Mad Howler » Mon Jan 22, 2018 1:04 am

Are you trolling for a "declarative sentence"?
*Whoever DCB is - is foolish to assume that he/she is participating in discourse in a safe place*
DCB wrote:MH - throwing around links isn't a help. If you really think this issue is important, you should try explaining your concerns in simple, declarative sentences.

gargantua - he's referring to the fact that the URL for TDPF begins with 'http', not 'https'. Which means traffic to and from the server is not encrypted. Potentially someone could capture your TDPF password.

Just imagine if that happened -someone could post malicious things in your name!

I suppose the real problem might be if you used the same password for something actually important, e.g your bank.

Mad Howler
Forum God/Goddess
Posts: 2247
Joined: Wed Apr 04, 2012 8:36 pm
Location: Wisconsin for now

Re: Isthmus enables the 'man in the middle'

Postby Mad Howler » Mon Jan 22, 2018 1:26 am

I guess I'm wondering what bothers Isthmus about implementing end to end encryption. I would have thought given all the attention Wisconsin (& Isthmus) got around 2011 some precautions might have clicked in place. Since this hasn't happened in any nominal sense - you & I are broadcasting extra data.
I suspect this "extra data" has some value.

thebookpolice
Forum God/Goddess
Posts: 8827
Joined: Fri Aug 04, 2006 1:09 pm
Location: The mystical Far East
Contact:

Re: Isthmus enables the 'man in the middle'

Postby thebookpolice » Mon Jan 22, 2018 8:30 am

WAKE UP SHEEPLE

timby
Forum Addict
Posts: 171
Joined: Sat May 08, 2010 7:40 pm
Location: Eastmorland

Re: Isthmus enables the 'man in the middle'

Postby timby » Mon Jan 22, 2018 8:33 am

JET FUEL CAN'T MELT STEEL BEAMS

gargantua
Forum God/Goddess
Posts: 11046
Joined: Sat Apr 13, 2002 1:30 pm
Location: Madison

Re: Isthmus enables the 'man in the middle'

Postby gargantua » Mon Jan 22, 2018 9:49 am

Mad Howler wrote:I guess I'm wondering what bothers Isthmus about implementing end to end encryption. I would have thought given all the attention Wisconsin (& Isthmus) got around 2011 some precautions might have clicked in place. Since this hasn't happened in any nominal sense - you & I are broadcasting extra data.
I suspect this "extra data" has some value.

Thanks for elaborating.

Beaver
Forum God/Goddess
Posts: 5442
Joined: Fri May 04, 2001 9:57 am
Location: Building a dam in the river
Contact:

Re: Isthmus enables the 'man in the middle'

Postby Beaver » Mon Jan 22, 2018 10:24 am

Mad Howler wrote:I guess I'm wondering what bothers Isthmus about implementing end to end encryption. I would have thought given all the attention Wisconsin (& Isthmus) got around 2011 some precautions might have clicked in place. Since this hasn't happened in any nominal sense - you & I are broadcasting extra data.
I suspect this "extra data" has some value.

What happened around 2011? Walker recall? What extra data are we broadcasting? User name, password, and ip address are all I can think of that a hacker could get.

penquin
Forum God/Goddess
Posts: 3060
Joined: Wed Mar 20, 2013 3:19 pm
Contact:

Re: Isthmus enables the 'man in the middle'

Postby penquin » Mon Jan 22, 2018 10:47 am

So ya'll are saying it wouldn't be too difficult for someone with the right talents to determine which (if any) user names on the forum are originating from the same ip address?

Good to know...thanks for sharing

Cadfael
Forum God/Goddess
Posts: 3637
Joined: Sun Aug 28, 2016 11:46 am

Re: Isthmus enables the 'man in the middle'

Postby Cadfael » Mon Jan 22, 2018 9:12 pm

Many if not most service providers are running out of assigned IP addresses and have divided their clients into massive subnets which have their own internal IP address on the providers' servers, but to the world they all appear to be from one IP address. There's information in the packets that tells them which computer at IP XXXX is sending, but it requires knowing the protocols for that particular provider.

So knowing that two users are showing the same IP address often means only that they're using the same internet service provider.

gozer
Forum God/Goddess
Posts: 5632
Joined: Sat Oct 26, 2002 1:35 pm
Location: everywhere
Contact:

Re: Isthmus enables the 'man in the middle'

Postby gozer » Fri Jan 26, 2018 10:42 pm

not to mention what isthmus' civil liability carrier would have to say about it, the risible/non-existent net.sleuthing skills of our resident stalkers and vandals not with standing . . .

penquin
Forum God/Goddess
Posts: 3060
Joined: Wed Mar 20, 2013 3:19 pm
Contact:

Re: Isthmus enables the 'man in the middle'

Postby penquin » Sat Jan 27, 2018 12:13 am

Cadfael wrote:So knowing that two users are showing the same IP address often means only that they're using the same internet service provider.


Sounds like someone is already making excuses.



Trying real hard to keep a straight face while saying that

gozer
Forum God/Goddess
Posts: 5632
Joined: Sat Oct 26, 2002 1:35 pm
Location: everywhere
Contact:

Re: Isthmus enables the 'man in the middle'

Postby gozer » Sat Jan 27, 2018 7:18 am

Mad Howler wrote:I guess I'm wondering what bothers Isthmus about implementing end to end encryption. I would have thought given all the attention Wisconsin (& Isthmus) got around 2011 some precautions might have clicked in place. Since this hasn't happened in any nominal sense - you & I are broadcasting extra data.
I suspect this "extra data" has some value.


2011 in isthmus land . . . amongst other things, was that the cataclysmic fall of the dewar & daisy chain? i thought that was 2002-3 . . .


Return to “Comments on Isthmus & isthmus.com”

Who is online

Users browsing this forum: No registered users and 6 guests