I think it's useful to point out that these attacks have been going on for many years. There's been documentation of even more advanced network injection appliances being offered on the market since at least 2010 or earlier, e.g. FinFly ISP or HackingTeam's Infection Proxy.
Good point, but this is still the first time (to Citizenlab's knowledge) that anyone has actually caught pcaps of this technique being applied in the wild. It's the difference between rational suspicion of abuse, and established fact of that abuse.
That's for sure. @citizenlab's contribution of empirical evidence over the years has been invaluable and made otherwise abstract discussions very concrete.
My point was simply that users have unfortunately been facing these attacks for long before. Ubiquity of encryption is an urgent remediation, rather than a prevention at this point.
Just before this photo was taken, was he informed Lindsay turned him in? Those eyes. Betrayal. Questioning everything she’s ever confided in you. He’s thinking: “when I see her at Gitmo, the things I’ll say will be my revenge”. She won’t be there, Ed. That was the deal.
On the contrary, most of the HTTP/2 features that everyone wants are only enabled by browsers in a secure context. This means that if you want to really use HTTP/2, you de facto need TLS. The IETF's milquetoast encryption policies are no speedbump to real world deployment.
Activists: "We want mandatory encryption in HTTP/2." IETF: "Hmm, no, sorry." Browsers: "Don't worry, we got your back."
And the end result plays out a lot and is truly magical: Developer: "We're using HTTP/2." Manager: "Why isn't our page faster?" Developer: "The new HTTP/2 features are only available over HTTPS." Manager: "We need HTTPS then." @LetsEncrypt: "Hello. Is it me you're looking for?"
Ironically, the fact that TLS isn't mandatory for HTTP/2 in the IETF's standards might actually be a boon for the adoption of TLS thanks to the decisions made by browser vendors, because of other incentives.
In closing: While I understand the temptation to lambaste the IETF for seemingly weak policies on transport-layer security, the path they chose might very well be the local maximum for getting the Internet to be more secure. Strategy > Tactics
THANKS FOR RESPONDING SMARTLY :)) #QANON
Are u black hat or white hat? #Qanon #InternetBillOfRights #FreeTheInternet #Q
Time for @Elastos_org to introduce itself to the world. Internet 3.0 runs dApps on its blockchain to remove man-in-the-middle attacks. No viruses, spyware, ddos, etc. Protects digital copyrights and gives users power to run anything via mobile. $ELA #crypto