[App_rpt-users] non SSL access to allstarlink.org

mike at midnighteng.com mike at midnighteng.com
Sun Nov 23 20:17:05 UTC 2014


Bryan, 

I don't think you will have much luck with non SSL unless the host
provides for it and that breaks the reason for using it. Message me
direct on exactly what you are trying to achieve. It should be doable
with SSL.

Chuck,

I think if you look closer, you will find that SSL is a method to say
the "route" between the server and the end user is authentic and can
only be used by that user in session.

Much like the now infamous police use of sting-ray 2 is to cell phones
interception. Putting yourself in the middle of data streams gives you
complete access to the data without detection.

In the beginning of e-commerce in the 90's and early 2000's, folks would
insert themselves in the path of all data and transactions and
intercept/record strings of data including Name, Address, CC #'s and SS
#'s with automated scripts and transparent to either end because all the
data would transpire as normal through them. 

SSL was the answer to that. With the use of encryption keys, they might
get the data but can't make any sense of it, hence, useless. 
Cell phones have the same type of security but can also be spoofed into
giving up the keys to a hacker that knows how it's done.

Just a personal note/fyi: 
Just because the government spends $1M on a device to snoop, it does not
mean that the same thing can't be done by a better than average hacker
for $1K. The $1M amount does not impress me, the $1K amount does.

The Harris Sting-Ray 2 cost the local law enforcement about $35K ea and
they get Homeland Defense Grant Money to purchase them to snoop on cell
phones.

But with a PC, software and a few pieces of $300 hardware, you can do
the same thing and be more flexible about how you do it. 

Now we have unknown snoopers near Wall Street and around Washington DC
and corporate HQ's and has been going on for many years. Now there are
10's of thousands of taxpayer paid devices out there and no log of the
use of them to know they are not being used for political snooping
purposes or personal monetary gain of the police officer who has access
to one. Part of the reason for Apple and Google's new encryption for
cell phones that is similar to SSL.


...mike/kb8jnm


-------- Original Message --------
Subject: Re: [App_rpt-users] non SSL access to allstarlink.org
From: Chuck Henderson <rpt2 at chuck.midlandsnetworking.com>
Date: Sun, November 23, 2014 9:49 am
To: Bryan Fields <bryan at bryanfields.net>
Cc: app_rpt mailing list <app_rpt-users at ohnosec.org>

I don't think it applies to this.  The encryption is not being used to
hide the content from the government.  The government has full access to
read the content.  The only requirement is they must capture the session
from the start and they must have access to a one million dollar device
that I have had access to.  I know that they have that.  In this case
the encryption is only to verify the communication is authentic and to
prevent unauthorized persons, other than the government, from breaking
into the system.  At least, that is my story and I am sticking to
it.Chuck


On Sun, Nov 16, 2014 at 10:56 AM, Bryan Fields <bryan at bryanfields.net>
wrote:
We can't do encryption over amateur radio, so when accessing it from my
ham radio 3400 mhz network it's technically a rule violation. 

On November 16, 2014 11:54:10 AM EST, Jim Duuuude
<telesistant at hotmail.com> wrote: No, why?

> Date: Sun, 16 Nov 2014 11:43:29 -0500
> From: Bryan at bryanfields.net
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] non SSL access to allstarlink.org
> 
> Is there a url I can use to access this that does not redirect to the SSL server?
> 
> Thank you,
> 
> -- 
> Bryan Fields
> 
> 727-409-1194 - Voice
> 727-214-2508 - Fax
> http://bryanfields.net
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 






--
 Bryan Fields
 727-409-1194
 http://bryanfields.net

_______________________________________________
 App_rpt-users mailing list
 App_rpt-users at ohnosec.org
 http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
 
 To unsubscribe from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
down to the bottom of the page. Enter your email address and press the
"Unsubscribe or edit options button"
 You do not need a password to unsubscribe, you can do it via email
confirmation. If you have trouble unsubscribing, please send a message
to the list detailing the problem. 



_______________________________________________
App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
down to the bottom of the page. Enter your email address and press the
"Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email
confirmation. If you have trouble unsubscribing, please send a message
to the list detailing the problem.



More information about the App_rpt-users mailing list