
Thread: I don't need sanity, work in IT (thread) every day

  1. #8621
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,062
    I have multiple programs with auto-update features baked in (Firefox, iCUE, VLC, etc.), but I'm trying to figure out if they use HTTP or HTTPS to talk with the update server. I want to avoid MitM attacks. I know for a fact that VLC doesn't use HTTPS because it gives a HTTP URL when downloading an update.

    I used Resource Monitor to see the domains these programs are connecting to, but nothing is telling me whether the connection is HTTP or HTTPS. Is there a way to determine this?
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  2. #8622
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,673
    Packet sniffer (maybe Wireshark), see if you're seeing GET ... HTTP/1.1 or encrypted comms?

    A more thorough assessment might include critiquing the CA certs being used by the OS (& apps where they use their own). As in a lot of people get MITM'd by their own "AV" or VPN choices after those drop in a few root certs.
    Last edited by Daneel Trevize; December 21 2019 at 03:03:22 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.
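
Added example, not part of the thread: the "GET ... HTTP/1.1 or encrypted comms" check from post #8622 applied to the first client-to-server bytes of a captured TCP stream. The sample payloads, host name and path are constructed for illustration.

```javascript
// Added example: classify the first client-to-server bytes of a TCP stream
// (for instance, bytes copied out of a packet capture of an updater's traffic).
const HTTP_METHODS = new Set(['GET', 'HEAD', 'POST', 'PUT', 'DELETE',
  'OPTIONS', 'CONNECT', 'PATCH', 'TRACE']);

function classifyFirstBytes(buf) {
  // TLS record header: content type (1 byte), legacy version (2), length (2).
  // 0x16 is a handshake record; the first handshake message a client sends
  // is ClientHello (handshake type 0x01).
  if (buf.length >= 6 && buf[0] === 0x16 && buf[1] === 0x03 && buf[2] <= 0x04) {
    const recordLen = buf.readUInt16BE(3);
    if (buf[5] === 0x01 && recordLen >= 4 && recordLen <= 16384) {
      return { proto: 'tls', detail: 'ClientHello' };
    }
  }
  // Plaintext HTTP/1.x starts with a readable request line.
  const head = buf.toString('latin1', 0, 2048);
  const m = /^([A-Z]+) (\S+) HTTP\/(\d\.\d)\r\n/.exec(head);
  if (m && HTTP_METHODS.has(m[1])) {
    const host = /\r\nHost:[ \t]*([^\r\n]*)/i.exec(head);
    return {
      proto: 'http', method: m[1], target: m[2], version: m[3],
      host: host ? host[1] : null, // readable by anyone on the path
    };
  }
  return { proto: 'unknown' };
}

// Constructed samples (hypothetical host and path, not taken from any real updater).
const SAMPLE_HTTP = Buffer.from(
  'GET /updates/status.xml HTTP/1.1\r\nHost: update.example.test\r\n\r\n', 'latin1');
// Record header (handshake, length 512) followed by the start of a ClientHello.
const SAMPLE_TLS = Buffer.from(
  [0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03]);
const SAMPLE_OTHER = Buffer.from([0x00, 0x01, 0x02, 0x03]);

for (const sample of [SAMPLE_HTTP, SAMPLE_TLS, SAMPLE_OTHER]) {
  console.log(classifyFirstBytes(sample));
}
```

A `tls` result only shows that the channel is encrypted; it does not show which root certificate the client accepted, which is the second point raised in the post.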

  3. #8623
    Donor erichkknaar's Avatar
    Join Date
    April 10, 2011
    Posts
    14,153
    Quote Originally Posted by Nordstern View Post
    I have multiple programs with auto-update features baked in (Firefox, iCUE, VLC, etc.), but I'm trying to figure out if they use HTTP or HTTPS to talk with the update server. I want to avoid MitM attacks. I know for a fact that VLC doesn't use HTTPS because it gives a HTTP URL when downloading an update.

    I used Resource Monitor to see the domains these programs are connecting to, but nothing is telling me whether the connection is HTTP or HTTPS. Is there a way to determine this?
    I'm curious. Why do you think someone is going to MitM your browser updates?

    I have basically stopped using anything that supports http only now.

    Also, remote port 443 in resource monitor is what you are looking for in 99% of the cases.
    http is port 80
    https is port 443
    meh

  4. #8624
    walrus's Avatar
    Join Date
    April 9, 2011
    Location
    Fancomicidolkostümierungsspielgruppenzusammenkunft
    Posts
    6,525
    Don't these services use checksums and shit on their updates? Shouldn't that catch any mitm modifications to the update file?
      Spoiler:
    Quote Originally Posted by RazoR View Post
    But islamism IS a product of class warfare. Rich white countries come into developing brown dictatorships, wreck the leadership, infrastructure and economy and then act all surprised that religious fanaticism is on the rise.
    Also:
    Quote Originally Posted by Tellenta View Post
    walrus isnt a bad poster.
    Quote Originally Posted by cullnean View Post
    also i like walrus.
    Quote Originally Posted by AmaNutin View Post
    Yer a hoot

  5. #8625
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,673
    How are you going to checksum an arbitrary future update? You'd need to be sent that data too.

    Don't confuse checksums with signing, they tackle 2 very different integrity problems, even if they often involve a lot of the same data.

    Yes, you can have a previously-established (i.e. bundled in the prior, trusted, installed release) Public Key, and check the files received were encrypted & signed by the corresponding Private Key. IIRC Debian is/was doing this for http apt repos, but there's still downsides.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.
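
Added example, not part of the thread: the checksum-versus-signature distinction from posts #8624 and #8625, shown with Node's built-in `crypto` module. The key pair, file contents and function names are constructed for illustration, and the example covers signing only.

```javascript
// Added example: why a checksum sent over the same channel as the update does
// not protect it, while a signature checked against a bundled public key does.
const crypto = require('node:crypto');

// Vendor side (constructed): the private key stays with the vendor; the public
// key is shipped inside the already-installed, trusted release.
const vendor = crypto.generateKeyPairSync('ed25519');
const BUNDLED_PUBLIC_KEY = vendor.publicKey;

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// What the update server hands out: file, checksum, detached signature.
function publish(file) {
  return {
    file,
    checksum: sha256(file),
    signature: crypto.sign(null, file, vendor.privateKey),
  };
}

// Client that only compares the file against the checksum it was sent.
function checksumAccepts(update) {
  return sha256(update.file) === update.checksum;
}

// Client that verifies the signature with the key it already had.
function signatureAccepts(update) {
  return crypto.verify(null, update.file, BUNDLED_PUBLIC_KEY, update.signature);
}

// Models modification on an unauthenticated channel: the file and its checksum
// can both be replaced, but a valid signature needs the vendor's private key.
function modifiedInTransit(update, replacement) {
  return { file: replacement, checksum: sha256(replacement), signature: update.signature };
}

const genuine = publish(Buffer.from('update 1.2.3 payload (constructed)'));
const altered = modifiedInTransit(genuine, Buffer.from('different payload (constructed)'));

console.log('genuine:', checksumAccepts(genuine), signatureAccepts(genuine));
console.log('altered:', checksumAccepts(altered), signatureAccepts(altered));
```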

  6. #8626
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,062
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  7. #8627
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,283
    Quote Originally Posted by Nordstern View Post
    Furries are the backbone of America.

    On an unrelated note I met my first brony in the wild. Weird fucker but seemed harmless at least in a physically intimidating sense.

  8. #8628

    Join Date
    May 31, 2011
    Posts
    4,928
    Quote Originally Posted by erichkknaar View Post
    Quote Originally Posted by Nordstern View Post
    I have multiple programs with auto-update features baked in (Firefox, iCUE, VLC, etc.), but I'm trying to figure out if they use HTTP or HTTPS to talk with the update server. I want to avoid MitM attacks. I know for a fact that VLC doesn't use HTTPS because it gives a HTTP URL when downloading an update.

    I used Resource Monitor to see the domains these programs are connecting to, but nothing is telling me whether the connection is HTTP or HTTPS. Is there a way to determine this?
    I'm curious. Why do you think someone is going to MitM your browser updates?

    I have basically stopped using anything that supports http only now.

    Also, remote port 443 in resource monitor is what you are looking for in 99% of the cases.
    http is port 80
    https is port 443
    Alternatively: NETSTAT -A
    Code:
    PS C:\DATA> netstat -a
    
    Aktive Verbindungen
    
      Proto  Lokale Adresse         Remoteadresse          Status
      [...]
      TCP    10.49.255.104:49364    51.105.249.223:https   HERGESTELLT
      TCP    10.49.255.104:49730    par03s13-in-f74:https  HERGESTELLT
      TCP    10.49.255.104:53989    52.97.189.66:https     HERGESTELLT
      TCP    10.49.255.104:54149    ec2-35-167-176-149:https  HERGESTELLT
      TCP    10.49.255.104:56077    52.97.163.2:https      HERGESTELLT
      TCP    10.49.255.104:56498    51-159-20-151:https    WARTEND
      TCP    10.49.255.104:56551    par03s13-in-f78:https  HERGESTELLT
      TCP    10.49.255.104:56559    mil02s05-in-f67:https  WARTEND
      TCP    10.49.255.104:56560    par03s13-in-f68:https  WARTEND
      TCP    10.49.255.104:56563    ham04s01-in-f246:https  HERGESTELLT
      TCP    10.49.255.104:56564    ham02s15-in-f1:https   HERGESTELLT
      TCP    10.49.255.104:56573    ns3121917:https        WARTEND
      TCP    10.49.255.104:56574    151.101.120.193:https  HERGESTELLT
      TCP    10.49.255.104:56625    ham02s17-in-f10:https  WARTEND
      TCP    10.49.255.104:56647    104.28.24.14:https     WARTEND
      TCP    10.49.255.104:56692    server-13-35-250-20:https  WARTEND
      TCP    10.49.255.104:56704    93.184.220.29:http     WARTEND
      TCP    10.49.255.104:56706    151.101.12.157:https   HERGESTELLT
      TCP    10.49.255.104:56707    104.244.42.200:https   HERGESTELLT
      TCP    10.49.255.104:56763    81.19.104.117:https    WARTEND
      TCP    10.49.255.104:56804    a92-123-194-163:http   HERGESTELLT
      TCP    10.49.255.104:56805    81.19.104.117:https    WARTEND
      TCP    10.49.255.104:56806    81.19.104.117:https    WARTEND
      TCP    10.49.255.104:56827    52.109.88.37:https     HERGESTELLT
      TCP    10.49.255.104:56840    104.26.15.96:https     HERGESTELLT

  9. #8629
    rufuske's Avatar
    Join Date
    April 9, 2011
    Posts
    2,733
    You're all paranoid. No one is after your furry porn collection.

  10. #8630
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,062
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
    Johns Hopkins CSSE COVID-19 Dashboard

  11. #8631

    Join Date
    May 31, 2011
    Posts
    4,928
    Holy shit, the new Firefox version (72) breaks almost every website I'm visiting on a regular basis, including Office 365 and anything Google that requires a login (contacts, drive, calendar ...)

    Granted, I have it locked down quite heavily, but up until this version, I was able to give the necessary permissions to get sites to work while still blocking most of the annoying BS.
