It really only means that the traffic is encrypted, and that in itself is good! But it does not mean that you have an encrypted connection with the party you had in mind.
Thousands of certificates are registered that encrypt the communication with sites that look exactly like the one you meant to visit, but whose address is not exact, only similar.
You go to the domain that stands before and after the last dot and before any slash.
Examples of fake domains:
Some browsers show the actual domain name in black. All browsers also let you see who the certificate was issued to, usually by clicking the padlock.
More about fake certificates at Netcraft, https://toolbar.netcraft.com/stats/certificate_authorities.
Google Chrome no longer says that a site is secure just because it uses https. https://blogg.loopia.se/tag/google-chrome/.
Extended Validation server certificates may be shown as a green address. They are expected when the transactions you do with the site are extra valuable, e.g. banking and health businesses.
An EV Certificate is a quite new type of certificate that is designed to prevent phishing attacks better than normal SSL certificates. An SSL Certificate Provider has to do some extensive validation to give you one, including:
It is even better if the Certificate Provider is one that can be trusted.
What happens if you combine a live camera with visual effects?
Perhaps it is even possible to tinker with old film clips and prove time travel, where people e.g. bring their mobile phone along…
On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.”
For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.
An extensive report from Bloomberg details how Amazon’s investigation into deploying servers manufactured by Elemental Technologies led to the discovery of hardware backdoors smaller than a grain of rice. The chips had been hidden on Supermicro motherboards.
After discovering the chips in 2015, the government spent three years investigating the situation. They’ve determined that the hardware creates “a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
This week, Tim Berners-Lee, “inventor of the World Wide Web”, will launch Inrupt. Its mission is to turbocharge a broader movement afoot, among developers around the world, to decentralize the web and take back power from the forces that have profited from centralizing it.
On his screen, there is a simple-looking web page with tabs across the top: Tim’s to-do list, his calendar, chats, address book. He built this app–one of the first on Solid–for his personal use. It is simple, spare. In fact, it’s so plain that, at first glance, it’s hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid’s decentralized technology, allows Berners-Lee to access all of his data seamlessly–his calendar, his music library, videos, chat, research. It’s like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp.
The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod–which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
“We are not talking to Facebook and Google about whether or not to introduce a complete change where all their business models are completely upended overnight. We are not asking their permission.”
First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)
But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.
Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.
Sometimes URLs are explicitly typed by users; other times they’re opaque and hidden behind hyperlinks. Some URLs are good for sharing, others aren’t. Sometimes they’re shown on devices with abundant screen space, other times they’re so cramped that only a fragment of the URL can ever be seen.
IDN homograph attack
The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike). For example, a regular user of example.com may be lured to click a link where the Latin character “a” is replaced with the Cyrillic character “а”.
This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks.
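A defender-side check for both the "domain before and after the last dot" rule near the top of the page and the mixed-script look-alikes described here. This is an added example, not code from the original page. The function names, the sample URLs, and the approach of deriving a character's script from its Unicode name are assumptions of this sketch.

```python
import unicodedata
from urllib.parse import urlsplit

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode
    name (an assumption of this example; adequate for Latin/Cyrillic/Greek)."""
    if ch in "0123456789-":
        return None  # digits and hyphen belong to no particular script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def label_scripts(label):
    return {s for s in map(char_script, label) if s}

def to_unicode(label):
    """Decode an xn-- (punycode) label so its real characters can be inspected."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label

def inspect_url(url):
    host = urlsplit(url).hostname or ""
    labels = [to_unicode(l) for l in host.split(".")]
    return {
        # The page's rule: the labels either side of the last dot, before any
        # slash. Naive for multi-label suffixes such as co.uk.
        "domain": ".".join(labels[-2:]),
        # One label mixing scripts (e.g. Latin + Cyrillic) is the homograph signal.
        "mixed_script": [l for l in labels if len(label_scripts(l)) > 1],
        # Labels containing any non-Latin script, mixed or not.
        "non_latin": [l for l in labels if label_scripts(l) - {"LATIN"}],
    }

# Constructed sample URLs built on the reserved example domains.
SAMPLES = [
    "https://www.example.com/login",
    "https://example.com.login.example.net/example.com/",  # domain is example.net
    "https://ex\u0430mple.com/login",  # Cyrillic U+0430 in place of Latin "a"
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u.encode("unicode_escape").decode(), inspect_url(u))
```

A label written entirely in one non-Latin script is legitimate for many sites, so `non_latin` is informational, while `mixed_script` is the stronger warning sign.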