+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 27

Thread: Is the deprecation of insecure HTTP an attack on alternative media?

  1. Link to Post #1
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Is the deprecation of insecure HTTP an attack on alternative media?

    It seems that both Google and Mozilla are increasingly favoring secure HTTP (HTTPS) over HTTP. See for example:This puts smaller alternative media websites, such as ProjectAvalon.net, at a disadvantage, since we cannot easily adapt secure HTTPS technology. The vBulletin software we use does not handle HTTPS, and cannot be converted for any reasonable effort (believe me, Ilie has tried.)

    Eventually, if this keeps up, only sites running HTTPS (encrypted HTTP) will be widely visible, as more and more end-users come to distrust "old fashioned, unencrypted, insecure, and risky" HTTP.

    What's more, only those HTTPS sites that can get trusted certificates from the certificate issuing authorities will be allowed through without, at a minimum, warnings in the browser to the user of an insecure site, or, later on, allowed through at all on many end-user systems and configurations.

    Question: could this be (no doubt one of many) ways of attacking smaller alternative media websites?

  2. The Following 28 Users Say Thank You to Paul For This Post:

    aranuk (1st May 2015), Cidersomerset (1st May 2015), DeDukshyn (1st May 2015), Deega (1st May 2015), Elisheva (2nd May 2015), Flash (1st May 2015), Gardener (5th May 2015), grannyfranny100 (7th May 2015), Hervé (1st May 2015), JRS (2nd May 2015), kanishk (7th May 2015), Lefty Dave (2nd May 2015), looking-glass (2nd May 2015), mab777 (1st May 2015), Melinda (2nd May 2015), Muzz (4th May 2015), naste.de.lumina (1st May 2015), Nasu (2nd May 2015), Omni (8th May 2015), shadowstalker (1st May 2015), Sierra (7th May 2015), Sophocles (1st May 2015), Star Tsar (1st May 2015), Tesla_WTC_Solution (1st May 2015), Truthseeker85 (2nd May 2015), ulli (1st May 2015), Zanshin (1st May 2015)

  3. Link to Post #2
    France Administrator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,766
    Thanks
    60,316
    Thanked 95,036 times in 15,475 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    ... ... ...



    ... going out the way of the dinosaurs...
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  4. The Following 7 Users Say Thank You to Hervé For This Post:

    DeDukshyn (1st May 2015), Gardener (5th May 2015), grannyfranny100 (7th May 2015), Paul (1st May 2015), Sierra (7th May 2015), Tesla_WTC_Solution (1st May 2015), ulli (1st May 2015)

  5. Link to Post #3
    Avalon Member grannyfranny100's Avatar
    Join Date
    20th April 2010
    Location
    Bay City, MI
    Posts
    1,059
    Thanks
    2,859
    Thanked 3,804 times in 875 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Nasty tricks of a panicking NWO class. Thanks for the info!

  6. The Following 5 Users Say Thank You to grannyfranny100 For This Post:

    Elisheva (2nd May 2015), Paul (1st May 2015), Sierra (7th May 2015), Tesla_WTC_Solution (1st May 2015), ulli (1st May 2015)

  7. Link to Post #4
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    In other words, an important aspect of "control" is that only authorized parties can "broadcast". By such means as increasing control over the indexing (aka search engines) of the Web and over the licensing (aka SSL security certificates) of the Web, unauthorized broadcasters can (and I presume will) be increasingly marginalized.

    I anticipate that an SSL certificate from a recognized authority will eventually become a sine qua non of hosting web sites, just as FCC broadcast licenses are now for TV and radio stations.

  8. The Following 10 Users Say Thank You to Paul For This Post:

    Gardener (5th May 2015), Hervé (1st May 2015), looking-glass (2nd May 2015), Nasu (2nd May 2015), Omni (8th May 2015), RunningDeer (1st May 2015), Selene (1st May 2015), Sierra (7th May 2015), Tesla_WTC_Solution (1st May 2015)

  9. Link to Post #5
    Avalon Member
    Join Date
    30th July 2014
    Posts
    148
    Thanks
    35
    Thanked 706 times in 130 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    HTTPS is becoming more of a standard because it implements security encryption. Anyone can buy a certificate. There are many types, you can get a $15 SSL cert in 20min and off you go, or you can validate your company for $200 and get a enhanced ssl.

    I found this page on vBulletin and https, looks like it is possible to turn on HTTPS.
    http://www.vbulletin.com/forum/forum...https-question

    you can also get a loadbalancing device or software in front of your website which will do HTTPS offloading and the traffic between that device and the site will remain HTTP. The main thing is that outside facing side is HTTPS encrypted.

    I dont see this as a type of control its just a security measure to prevent hackers. In this day and age online crime is increasing. There will be less purse snatching and more online identity theft.

    The control part is TPTB getting rid of cash and making everything payable by RFID chip.
    In the end it doesnt matter what the method is used, smart criminals will always find a way to exploit it, and the security will always be enhanced to try to stop them.

  10. The Following 3 Users Say Thank You to EWO For This Post:

    Deega (1st May 2015), grannyfranny100 (7th May 2015), Tesla_WTC_Solution (1st May 2015)

  11. Link to Post #6
    Avalon Member lucidity's Avatar
    Join Date
    16th September 2014
    Posts
    1,089
    Thanks
    1,029
    Thanked 4,749 times in 956 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Hello Siblings,

    The irony of all this... is that SSL is known to be broken.
    For those of you who are new to this news.... i'm not kidding.

    See here for a presentation on this from the Black Hat 2013 conference.
    (specifically from 32 minutes in -- they're calling it the 'cryptoapocalypse' )
    http://bit.ly/1bTXTZ9

    It's know, for example, that the NSA can already break into HTTPS ..
    .. this is one of the gems that came out of the Snowden revelations.

    The upshot is that the world will need to move to Ecliptic Curve Cryptography (ECC).
    However this stuff is encumbered with patents, currently owned by Blackberry.
    This is why they're calling it the 'cryptoapocalypse' ... It wont be long before criminals
    (and criminal states) start exploiting these vulnerabilities to attack global e-commerce.
    And that... my dear siblings... includes your Amazon and ebay purchases and your online
    banking transactions, credit/debit card payments... the whole 9 yards.


    It doesn't matter that SSL is using 256 bit encryption:
    (a) NSA can already break everything up to 1024 bit RSA
    (b) the encryption details are irrelevant anyway... because SSL is vulnerable to a clever
    man-in-the-middle attack, ... again... i'm not kidding. See these videos to learn how:

    https://www.youtube.com/watch?v=gNhyjPxuy5w
    https://www.youtube.com/watch?v=qzNv6e1z1_E

    Soon... the only safe money will be bitcoin and litecoin..
    (on that basis, i predict that the crypto-currencies will take off again)

    be happy

    lucidity :-)

  12. The Following 4 Users Say Thank You to lucidity For This Post:

    grannyfranny100 (7th May 2015), Nasu (2nd May 2015), Omni (8th May 2015), Tesla_WTC_Solution (1st May 2015)

  13. Link to Post #7
    Unsubscribed
    Join Date
    20th November 2012
    Location
    gone
    Age
    36
    Posts
    4,873
    Thanks
    15,814
    Thanked 18,722 times in 4,284 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by Paul (here)
    It seems that both Google and Mozilla are increasingly favoring secure HTTP (HTTPS) over HTTP. See for example:This puts smaller alternative media websites, such as ProjectAvalon.net, at a disadvantage, since we cannot easily adapt secure HTTPS technology. The vBulletin software we use does not handle HTTPS, and cannot be converted for any reasonable effort (believe me, Ilie has tried.)

    Eventually, if this keeps up, only sites running HTTPS (encrypted HTTP) will be widely visible, as more and more end-users come to distrust "old fashioned, unencrypted, insecure, and risky" HTTP.

    What's more, only those HTTPS sites that can get trusted certificates from the certificate issuing authorities will be allowed through without, at a minimum, warnings in the browser to the user of an insecure site, or, later on, allowed through at all on many end-user systems and configurations.

    Question: could this be (no doubt one of many) ways of attacking smaller alternative media websites?
    It will steer people away from sites if their ISP/router limits the # of secure connections incoming

    We've been noticing this a lot at home in WA Paul, lots of "connection refused" and lost connection messages,
    spouse says he thinks it's to do w/ HTTPS limitations per connection

    thanks for bringing this to public attention.
    it really sux to be alt!!!

    Thanks for all you do to keep it going.

    p.s. it's true, sometimes we get connection errors where only https works and then eventually those get blocked too, lol

  14. Link to Post #8
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by EWO (here)
    HTTPS is becoming more of a standard because it implements security encryption. Anyone can buy a certificate.
    Yes, almost anyone (for now) can buy a certificate.

    The limitations on alternative media sites are such things as (1) some of us running sites that don't easily convert from HTTP to HTTPS, and (2) more control over who can get certificates, in the future, after appropriate false flag events have sold the public on the need to keep dangerous hackers off the web.

  15. The Following 8 Users Say Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015), JRS (2nd May 2015), naste.de.lumina (1st May 2015), Nasu (2nd May 2015), Omni (8th May 2015), RunningDeer (1st May 2015), Sierra (7th May 2015)

  16. Link to Post #9
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by Tesla_WTC_Solution (here)
    It will steer people away from sites if their ISP/router limits the # of secure connections incoming

    We've been noticing this a lot at home in WA Paul, lots of "connection refused" and lost connection messages,
    spouse says he thinks it's to do w/ HTTPS limitations per connection
    I am sceptical of that explanation .

    I am not in a position to debug web connection issues for others, but I doubt that there are serious "HTTPS limitations per connection" imposed by an ISP or router.

  17. The Following 3 Users Say Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015), Nasu (2nd May 2015), RunningDeer (1st May 2015)

  18. Link to Post #10
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by lucidity (here)
    Hello Siblings,

    The irony of all this... is that SSL is known to be broken.
    For those of you who are new to this news.... i'm not kidding.
    SSL is not reliable protection against the NSA - yes.

    It is usually protection against ordinary snoops and hackers (not always, there are security flaws that show up and eventually get fixed, but usually.)

    However SSL is not at all broken from the "purpose" that I am speculating on in this thread -- a means of imposing "licenses" on websites. If most users, using their typical smartphone or tablet or PC configuration, cannot see "insecure" HTTP sites, or can only see them if they click through some warning, then that will reduce the audience for "unlicensed" websites, such as those that, in some future time, after some more control is imposed onthe web, cannot get an SSL certificate.

  19. The Following 7 Users Say Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015), Hervé (1st May 2015), Nasu (2nd May 2015), Omni (8th May 2015), RunningDeer (1st May 2015), Sierra (7th May 2015)

  20. Link to Post #11
    Great Britain Avalon Member Xanth's Avatar
    Join Date
    24th June 2014
    Location
    UK
    Posts
    76
    Thanks
    363
    Thanked 367 times in 70 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    If privacy were valued everywhere on the web, SSL would be used everywhere. Granted SSL has flaws, but if you want to keep things private across the web, SSL is a good start.
    Suggesting that its an attempt to undermine people who use outdated technology I would consider an invalid argument. With all the NSA/government spying - using SSL is one measure you can use to slow them down. Obviously if you're individually targetted there's not much you can do, however if everyone used SSL for all web interactions, it would make the security services jobs much more difficult. It would also prevent opportunists like your ISP from examining and storing the data you send and receive across the web.

    If the main proponents of privacy and freedom on the internet are suggesting you use SSL - after all, what right does anyone have to monitor the data travelling between your browser and a web site, then its a broken argument to suggest that is being done to attack the alternative media. With SSL it makes it less likely that a heavy handed state can monitor an individual's alternative media discussion, and therefore less likely that an individual's alternative media expression will be surpressed.

    One simple reason why a lot of sites use SSL, is that HTTP makes it trivial for a 10 year old to gather all the passwords for all the users on sites like this.
    Last edited by Xanth; 1st May 2015 at 21:02.

  21. The Following User Says Thank You to Xanth For This Post:

    grannyfranny100 (7th May 2015)

  22. Link to Post #12
    Great Britain Avalon Member Xanth's Avatar
    Join Date
    24th June 2014
    Location
    UK
    Posts
    76
    Thanks
    363
    Thanked 367 times in 70 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    If you did want to run avalon over HTTPS without touching vbulletin, one way would be to host HTTPS://projectavlon.net on a separate box and pass through requests to http://projectavalon.net using HTTP.
    If http://projectavalon.net was only accessible from https:/projectavalon.net, all users would come in via HTTPS.
    The only unencrypted communication would be between your two boxes, and how much of an issue that was would likely depend on geographic separation.

    If you google "https to http reverse proxy" that supplies more info. Depending on how sophisticated your reverse proxy is, it will deal with ensuring that all page urls get mapped correctly between http and https.
    Last edited by Xanth; 1st May 2015 at 21:22.

  23. The Following User Says Thank You to Xanth For This Post:

    grannyfranny100 (7th May 2015)

  24. Link to Post #13
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by Xanth (here)
    If privacy were valued everywhere on the web, SSL would be used everywhere. Granted SSL has flaws, but if you want to keep things private across the web, SSL is a good start.
    Yes - SSL is a good start for just such privacy.

    I am anticipating that in the hands of the bastards in power, it can also be used as part of the means to limit the reach of alternative websites such as ours.

    Most technologies can be used and abused in various ways, depending on who's using them, and why.

  25. The Following User Says Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015)

  26. Link to Post #14
    Unsubscribed
    Join Date
    20th November 2012
    Location
    gone
    Age
    36
    Posts
    4,873
    Thanks
    15,814
    Thanked 18,722 times in 4,284 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by Paul (here)
    Quote Posted by Tesla_WTC_Solution (here)
    It will steer people away from sites if their ISP/router limits the # of secure connections incoming

    We've been noticing this a lot at home in WA Paul, lots of "connection refused" and lost connection messages,
    spouse says he thinks it's to do w/ HTTPS limitations per connection
    I am sceptical of that explanation .

    I am not in a position to debug web connection issues for others, but I doubt that there are serious "HTTPS limitations per connection" imposed by an ISP or router.

    *Skeptical

    Well, I understand the aversion to offering free tech support.
    Offering information on our limited connection was meant to be helpful to PA.

    I sense from the tone that my help may not be particularly welcome.
    A simple Thanks communicates a lot.

    I read a few sites that said the issues can be client side due to routers that don't support recent Windows changes.

    Also Windows came up again,

    Quote IIS 6.0 Documentation > IIS 6.0 Operations Guide > Performance Tuning
    Limiting Connections (IIS 6.0)

    Connection limits restrict the number of simultaneous client connections to your Web sites and your Web server. Limiting connections conserves memory and protects against malicious attacks designed to overload your Web server with thousands of client requests.

    So I am guessing, there's some way I've misread this or misinterpreted its meaning?

    The quoted text says Windows itself limits incoming connections.

    https://www.microsoft.com/technet/pr....mspx?mfr=true







  27. Link to Post #15
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by Tesla_WTC_Solution (here)
    Quote Posted by Paul (here)
    ... but I doubt that there are serious "HTTPS limitations per connection" imposed by an ISP or router.
    ...

    So I am guessing, there's some way I've misread this or misinterpreted its meaning?

    The quoted text says Windows itself limits incoming connections.

    https://www.microsoft.com/technet/pr....mspx?mfr=true
    WindowsServer IIS is a web server, not your Windows client, much less your ISP or router.

    I doubt that there are serious connection limits specific to HTTPS imposed by your ISP or router.

    It does not surprise me at all that a web server has configurable connection limits on the total number of WWW or FTP connections ... totally different .

  28. The Following User Says Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015)

  29. Link to Post #16
    United States Avalon Member
    Join Date
    24th June 2013
    Posts
    1,369
    Thanks
    843
    Thanked 3,857 times in 1,120 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    I don't know whether this is happening only to my computer, but I have been busy and checking into Avalon almost exclusively. My computer viewing is being bombarded by advertisings, blocking out the screen or refusing to be removed until I shut down what I have been viewing. If other Avalonians are experiencing this, it could be a virus planted to get rid of the site. This is a possible heads up to to those running the site. I hope that it is only my computer. One screen says I have a virus and must call a certain telephone number. I have not done so because I suspect that they are the ones who have planted the virus. I have McAfee active and so I do not understand how this virus got through to me.

  30. Link to Post #17
    United States Avalon Retired Member
    Join Date
    4th January 2011
    Location
    North Texas
    Age
    72
    Posts
    27,723
    Thanks
    28,846
    Thanked 129,174 times in 20,635 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by amor (here)
    I don't know whether this is happening only to my computer, but I have been busy and checking into Avalon almost exclusively. My computer viewing is being bombarded by advertisings, blocking out the screen or refusing to be removed until I shut down what I have been viewing. If other Avalonians are experiencing this, it could be a virus planted to get rid of the site. This is a possible heads up to to those running the site. I hope that it is only my computer. One screen says I have a virus and must call a certain telephone number. I have not done so because I suspect that they are the ones who have planted the virus. I have McAfee active and so I do not understand how this virus got through to me.
    It is almost certainly your computer . No one else is reporting this, and from what you describe, it's typical of the sorts of problems people see on Windows PC's (which I am guessing is what you're running.)

    Perhaps someone else reading this has some suggestions on how to clean such problems up; I don't work on Windows enough to know such things.

  31. The Following User Says Thank You to Paul For This Post:

    grannyfranny100 (7th May 2015)

  32. Link to Post #18
    France Administrator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,766
    Thanks
    60,316
    Thanked 95,036 times in 15,475 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Quote Posted by amor (here)
    [...]
    .... I have McAfee active and so I do not understand how this virus got through to me.
    Get rid of McAfee!

    Use Comodo "Free Internet Security."
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  33. The Following 6 Users Say Thank You to Hervé For This Post:

    Alekahn2 (8th May 2015), Gardener (5th May 2015), grannyfranny100 (7th May 2015), Omni (8th May 2015), Paul (2nd May 2015)

  34. Link to Post #19
    France Administrator Hervé's Avatar
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,766
    Thanks
    60,316
    Thanked 95,036 times in 15,475 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    That thing seems already well on its way:

    Quote Posted by Daughter of Time (here)
    Whenever I have tried to log in to PA while using google chrome, unlike Firefox or Internet Explorer, it has not let me in.

    GoogleChrome blocks Project Avalon with the caption "unsafe site" and it will simply not navigate to the log in page.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  35. The Following 3 Users Say Thank You to Hervé For This Post:

    grannyfranny100 (7th May 2015), Omni (8th May 2015), Paul (2nd May 2015)

  36. Link to Post #20
    Avalon Member
    Join Date
    18th April 2015
    Posts
    106
    Thanks
    131
    Thanked 278 times in 89 posts

    Default Re: Is the deprecation of insecure HTTP an attack on alternative media?

    Hi,

    in one of my 'roles' I have had an email that google's turn to https will affect our various security filtering so we will need to be 'certified' in order to stay 'safe' and use our 'filters'.

    regards

  37. The Following 3 Users Say Thank You to looking-glass For This Post:

    grannyfranny100 (7th May 2015), Paul (2nd May 2015)

+ Reply to Thread
Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts