$104 and 8 hours of Amazon’s cloud computing is all it took to hack NSA’s website

You seem to have way overreacted to my post. I'm aware of most of the concerns you raised and my opinion is the same.

It is not true that TLS only works if both sides have a certificate. There are many instances when it is useful to authenticate a server, but the client remains anonymous (with regard to the authentication at least, of course there's IP addresses and fingerprinting etc).

It does not break TLS to use it in this way to shop. It provides some level of assurance that you are directly connected to the business you think you're connecting to and that you can give them credit card information or whatever other information securely.

DNS is not secure, true, but users who know to expect a TLS connection will know something went wrong. And if the server uses strict transport security, the browser will refuse to connect to the spoofed site. And I wasn't suggesting that TLS hid what site you were visiting, only what pages you visit within a domain.

I used the wrong word when I said "false information" before, I meant integrity, right. Obviously the source may not be trustworthy either, but if you go to nsa.gov to get a document published by the NSA, it's good to know someone else hasn't slipped in some maliciously modified replacement.

What I'm suggesting is relatively trivial is correctly configuring a TLS server not to use 56-bit ciphers and 512-bit RSA. Yes, total cyber security is difficult to the point of virtual impossibility; my point is only that having a reasonably secure website with well configured HTTPS is not something to worry about in terms of how much tax money is spent on it, since it won't be that much. And there are government websites where people do submit information and have a greater security need than sites which are just there to read, so the government needs to be capable of doing this anyway, and applying the same secure configuration to read-only servers is not such a great marginal cost.

In fact there's a lot of inconsistency in the security configurations of government websites. If the NSA cared at all about defense, they could work out some standard software configuration for government servers. If anyone has the resources to do it right, they do, but unfortunately their priorities seem to be with breaking everything instead.

/r/hacking Thread Link - motherboard.vice.com
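The comment above argues that the fix is a matter of configuration: stop offering 56-bit ciphers and 512-bit RSA keys. As an added illustration (not part of the thread or the linked article), the script below audits a server's offered cipher suites and RSA key size against exactly those weaknesses, plus a few related ones a well configured HTTPS server would also exclude (RC4, NULL, MD5 MACs, anonymous key exchange, and suites without forward secrecy). It also builds a hardened Python `ssl.SSLContext` and runs the same audit over the suites that context actually offers. The two server descriptions are constructed sample inputs in OpenSSL cipher-name notation, not captured from nsa.gov or any other host; the 2048-bit RSA minimum is this script's own assumption.

```python
"""Audit TLS cipher suites and RSA key size for the weaknesses named in the
post: 56-bit (DES) ciphers and 512-bit export-grade RSA. Standard library only.
Server descriptions below are constructed examples, not real scan results."""

import re
import ssl

# Assumed policy minimum for RSA keys (not stated in the post).
MIN_RSA_BITS = 2048

# Constructed example of a badly configured server: 512-bit RSA key plus
# export and single-DES suites alongside a couple of modern ones.
WEAK_SERVER = {
    "rsa_bits": 512,
    "ciphers": [
        "EXP-DES-CBC-SHA",             # export-grade suite
        "DES-CBC-SHA",                 # single DES, 56-bit key
        "RC4-MD5",
        "AES128-SHA",                  # static RSA key exchange, no forward secrecy
        "ECDHE-RSA-AES256-GCM-SHA384",
    ],
}

# Constructed example of the corrected configuration.
HARDENED_SERVER = {
    "rsa_bits": 2048,
    "ciphers": [
        "ECDHE-RSA-AES256-GCM-SHA384",
        "ECDHE-RSA-AES128-GCM-SHA256",
        "ECDHE-RSA-CHACHA20-POLY1305",
    ],
}

# (regex over the OpenSSL suite name, reason it is unacceptable)
WEAK_PATTERNS = [
    (r"^EXP-",          "export-grade cipher (40/56-bit key)"),
    (r"(^|-)DES-CBC-",  "single DES, 56-bit key"),
    (r"DES-CBC3",       "triple DES, 64-bit block size"),
    (r"RC4",            "RC4 stream cipher"),
    (r"NULL",           "no encryption"),
    (r"^(ADH|AECDH)-",  "anonymous key exchange, no server authentication"),
    (r"-MD5$",          "MD5-based MAC"),
]


def cipher_findings(name):
    """Return the reasons a single suite name is unacceptable (empty = fine)."""
    reasons = [why for pat, why in WEAK_PATTERNS if re.search(pat, name)]
    # TLS 1.3 suites (TLS_...) always use ephemeral key exchange; for older
    # suites require an ECDHE or DHE prefix to get forward secrecy.
    if not reasons and not re.match(r"^(TLS_|ECDHE-|DHE-)", name):
        reasons.append("no forward secrecy (static RSA key exchange)")
    return reasons


def audit(server):
    """Return a list of (item, reason) findings; empty means every check passed."""
    findings = []
    if server["rsa_bits"] < MIN_RSA_BITS:
        findings.append(("RSA key",
                         f"{server['rsa_bits']}-bit key, below {MIN_RSA_BITS}-bit minimum"))
    for name in server["ciphers"]:
        for why in cipher_findings(name):
            findings.append((name, why))
    return findings


def hardened_context():
    """Build a server-side SSLContext that refuses the suites flagged above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!DES")
    return ctx


def audit_context(ctx):
    """Run cipher_findings over the suites the context will actually offer."""
    return [(c["name"], why) for c in ctx.get_ciphers() for why in cipher_findings(c["name"])]


if __name__ == "__main__":
    for label, server in (("weak", WEAK_SERVER), ("hardened", HARDENED_SERVER)):
        print(f"{label}: {audit(server) or 'no findings'}")
    print("hardened context:", audit_context(hardened_context()) or "no findings")
```

The audit is deliberately name-based so it can be run over the cipher list from any scanner output; the `ssl` context shows the same policy applied where it matters, at the point the server decides which suites to offer.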