<div dir="ltr">MITM on SSL is old-school, and something I always laugh about.<br>Especially when talking to "security professionals" trying to sell an expensive security appliance which is manageable using an SSL-enabled website. (Creating a huge weak link.)<br>
Well, talking about such classics, I'd like to share the following _OLD_ paper.<br><a href="http://www.milw0rm.com/papers/223">http://www.milw0rm.com/papers/223</a> ( <a href="http://www.milw0rm.com/papers/223" target="_blank" class="style14">The Pirate Bay un-SSL</a> )<br>
And don't forget to check <a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">http://en.wikipedia.org/wiki/Man-in-the-middle_attack</a> for some basic background information.<br>Loads of portable devices, like for example an iPhone, use SSL over a USB connection. We all know how THAT worked out.<br>
<br>In general, security systems get cracked because of wrong implementation, not because of bad design. <br><br><div class="gmail_quote">2008/9/19 <span dir="ltr"><<a href="mailto:pp.international.general-request@lists.pirateweb.net">pp.international.general-request@lists.pirateweb.net</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send pp.international.general mailing list submissions to<br>
<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.pirateweb.net/mailman/listinfo/pp.international.general" target="_blank">http://lists.pirateweb.net/mailman/listinfo/pp.international.general</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:pp.international.general-request@lists.pirateweb.net">pp.international.general-request@lists.pirateweb.net</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:pp.international.general-owner@lists.pirateweb.net">pp.international.general-owner@lists.pirateweb.net</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of pp.international.general digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: pp.international.general Digest, Vol 19, Issue 19<br>
(Christian Hufgard)<br>
2. Re: Press Release: Member of German Pirate Party raided<br>
(Kaj Sotala)<br>
3. Re: Free Software or Open Source? (<a href="mailto:machado@sociologia.de">machado@sociologia.de</a>)<br>
4. Talk like a pirate day (Andrew Norton)<br>
5. Re: pp.international.general Digest, Vol 19, Issue 19<br>
(Richard M. Stallman)<br>
6. Re: Free Software or Open Source? (Wybo Wiersma)<br>
7. Re: Free Software or Open Source? (Valentin Villenave)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 18 Sep 2008 17:04:34 +0200<br>
From: Christian Hufgard <<a href="mailto:christian.hufgard@piratenpartei-hessen.de">christian.hufgard@piratenpartei-hessen.de</a>><br>
Subject: Re: [pp.int.general] pp.international.general Digest, Vol 19,<br>
Issue 19<br>
To: <a href="mailto:rms@gnu.org">rms@gnu.org</a>, Pirate Parties International -- General Talk<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID: <<a href="mailto:48D26E02.4010902@piratenpartei-hessen.de">48D26E02.4010902@piratenpartei-hessen.de</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Hi Richard,<br>
<br>
> These two points make an interesting contrast. Skype is also non-free<br>
> software (thus tailor-made for such abuse).<br>
><br>
> Posting your skype account is as much as saying "Please use Skype" to<br>
> the rest of the list. Is that a good idea?<br>
<br>
Well... Skype is neat - unless you are the firewall administrator. But<br>
there are enough other ways to communicate with others via voice...<br>
<br>
> and Man-In-The-Middle-Attacks to break<br>
> > >>>>> SSL-Encryption),<br>
><br>
> Can someone say where I could get more info in English about this<br>
> vulnerability in SSL? I thought SSL certificates were supposed to<br>
> prevent this.<br>
<br>
There was no SSL vulnerability used. At least the document says, the<br>
man-in-the-middle-attack is only possible with Firefox and Internet<br>
Explorer. The skype-capturing was available for Windows 2000 and Windows<br>
XP. So our guess is, that they just hacked the ssl libraries for Firefox<br>
and IE.<br>
This way, they grab the data before/after encoding and your browser does<br>
not even realize, that something is going wrong.<br>
<br>
<br>
Christian<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 18 Sep 2008 18:24:36 +0300<br>
From: "Kaj Sotala" <<a href="mailto:kaj.sotala@piraattipuolue.fi">kaj.sotala@piraattipuolue.fi</a>><br>
Subject: Re: [pp.int.general] Press Release: Member of German Pirate<br>
Party raided<br>
To: "Pirate Parties International -- General Talk"<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID:<br>
<<a href="mailto:6a13bb8f0809180824i7d4bfcbbv80509ca20394a591@mail.gmail.com">6a13bb8f0809180824i7d4bfcbbv80509ca20394a591@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
On Wed, Sep 17, 2008 at 5:09 PM, Andreas Popp <<a href="mailto:andreas.popp@gmx.de">andreas.popp@gmx.de</a>> wrote:<br>
> Hello folks,<br>
><br>
> a translation of today's press release, you might be interested<br>
><br>
> <a href="http://wiki.piratenpartei.de/Press_release_2008-09-17" target="_blank">http://wiki.piratenpartei.de/Press_release_2008-09-17</a><br>
<br>
Piraattipuolue in Finland has issued its own press release concerning the topic:<br>
<br>
<a href="http://blog.piraattipuolue.fi/2008/09/pp-tiedote-saksan-piraattipuolueen-tiedottaja-ratsattu-lahdesuoja-on-pian-vain-muisto/" target="_blank">http://blog.piraattipuolue.fi/2008/09/pp-tiedote-saksan-piraattipuolueen-tiedottaja-ratsattu-lahdesuoja-on-pian-vain-muisto/</a><br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 18 Sep 2008 14:31:50 -0300<br>
From: "<a href="mailto:machado@sociologia.de">machado@sociologia.de</a>" <<a href="mailto:machado@sociologia.de">machado@sociologia.de</a>><br>
Subject: Re: [pp.int.general] Free Software or Open Source?<br>
To: Pirate Parties International -- General Talk<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID: <<a href="mailto:48D29086.4030906@sociologia.de">48D29086.4030906@sociologia.de</a>><br>
Content-Type: text/plain; charset=us-ascii; format=flowed<br>
<br>
Hi folk,<br>
<br>
I think Stallman has appointed a very important question. In Brazil (and<br>
maybe in all South America) we use mainly the term "free software"<br>
because of the political implications of FREEDOM. I see "open source" as<br>
a term of the "business world". I suggest for all "pirates" to use<br>
always the term "free software" in order to have a coherent and<br>
progressive political discourse. We cannot forget that the central point<br>
is not just the code, but the freedom!<br>
<br>
All the best,<br>
<br>
Jorge<br>
Brazil<br>
<br>
<br>
<br>
Richard M. Stallman wrote:<br>
> The reason why I talked about Ubuntu and codecs in the first place is<br>
> because, while I see many columns celebrating the choice of the French<br>
> Parliament to make the switch to GNU/Linux, people often tend to<br>
> forget that this move was made immediately after the *very same*<br>
> parliament voted a bunch of laws that could have been directly written<br>
> by the RIAA and Microsoft (actually they were, but that's another<br>
> story).<br>
><br>
> I think it is the practice of saying "open source" (rather than "free<br>
> software" or "logiciel libre") which allows this to happen.<br>
><br>
> The term "open source" represents a choice to focus on everything<br>
> _except_ the ethical issue of freedom to share and control the<br>
> software you use. No wonder that success in convincing someone<br>
> to convert to "open source" does not win their support for freedom.<br>
><br>
> People justify this choice by arguing that it is easier to convince<br>
> people of the open source ideas. And it may be true that you can get<br>
> more people to take the "open source" step -- because they have not<br>
> gone very far.<br>
><br>
> And if the free software movement is hidden behind "open source", they<br>
> will probably never see anything to suggest that they go any further.<br>
><br>
><br>
><br>
><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Thu, 18 Sep 2008 15:04:30 -0400<br>
From: Andrew Norton <<a href="mailto:andrew.norton@pirate-party.us">andrew.norton@pirate-party.us</a>><br>
Subject: [pp.int.general] Talk like a pirate day<br>
To: Pirate Parties International -- General Talk<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID: <<a href="mailto:48D2A63E.6050303@pirate-party.us">48D2A63E.6050303@pirate-party.us</a>><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
Tomorrow's Talk like a pirate day, anyone got any plans for activities<br>
etc. to mark it?<br>
<br>
<a href="http://www.talklikeapirate.com/" target="_blank">http://www.talklikeapirate.com/</a> is the site<br>
<br>
it can be a good PR way to get some people interested.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Thu, 18 Sep 2008 15:15:52 -0400<br>
From: "Richard M. Stallman" <<a href="mailto:rms@gnu.org">rms@gnu.org</a>><br>
Subject: Re: [pp.int.general] pp.international.general Digest, Vol 19,<br>
Issue 19<br>
To: Christian Hufgard <<a href="mailto:christian.hufgard@piratenpartei-hessen.de">christian.hufgard@piratenpartei-hessen.de</a>><br>
Cc: <a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a><br>
Message-ID: <<a href="mailto:E1KgOym-0005q4-Lw@fencepost.gnu.org">E1KgOym-0005q4-Lw@fencepost.gnu.org</a>><br>
Content-Type: text/plain; charset=ISO-8859-15<br>
<br>
Well... Skype is neat<br>
<br>
I would guess that you're judging this at a practical level only.<br>
On that level, I have no opinion.<br>
I was talking about the ethical level: it's not free software.<br>
<br>
Of course, Windows XP isn't free software either,<br>
but lots of people realize that Windows is bad.<br>
Many of them don't realize that the Skype software raises the same issue.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Thu, 18 Sep 2008 23:53:19 +0200<br>
From: Wybo Wiersma <<a href="mailto:wybo@logilogi.org">wybo@logilogi.org</a>><br>
Subject: Re: [pp.int.general] Free Software or Open Source?<br>
To: Pirate Parties International -- General Talk<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID: <<a href="mailto:20080918215319.GB4950@logilogi.org">20080918215319.GB4950@logilogi.org</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
I fully subscribe to this, ultimately Freedom is the most important<br>
issue here, not code that is open to many eyeballs. And not because of<br>
anti-business sentiments, but because the free market also thrives best<br>
for society as a whole with freedom.<br>
<br>
Wybo<br>
<br>
PS: And don't use Skype, there are alternatives like Ekiga Softphone :)<br>
<br>
> Hi folk,<br>
><br>
> I think Stallman has appointed a very important question. In Brazil (and<br>
> maybe in all South America) we use mainly the term "free software"<br>
> because of the political implications of FREEDOM. I see "open source" as<br>
> a term of the "business world". I suggest for all "pirates" to use<br>
> always the term "free software" in order to have a coherent and<br>
> progressive political discourse. We cannot forget that the central point<br>
> is not just the code, but the freedom!<br>
><br>
> All the best,<br>
><br>
> Jorge<br>
> Brazil<br>
<br>
---<br>
<br>
::Student:<br>
- Informatiekunde (computer linguistics, IR, webtech), History and Philosophy<br>
- Member of the Center for Metahistory Groningen (<a href="http://www.rug.nl/let/cmg" target="_blank">http://www.rug.nl/let/cmg</a>)<br>
<br>
::Free Software and Open Source Developer:<br>
- Active in the LogiLogi Foundation (<a href="http://foundation.logilogi.org" target="_blank">http://foundation.logilogi.org</a>)<br>
- <a href="http://www.LogiLogi.org" target="_blank">http://www.LogiLogi.org</a>, Cumulative, shared commenting, publication and<br>
idea sharing: Where insight comes together...<br>
- <a href="http://www.OgOg.org" target="_blank">http://www.OgOg.org</a>, RSS feed articles rating, a meritocracy...<br>
- ComLinToo, a computational linguistics toolset written in Perl<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Fri, 19 Sep 2008 08:25:03 +0200<br>
From: "Valentin Villenave" <<a href="mailto:v.villenave@gmail.com">v.villenave@gmail.com</a>><br>
Subject: Re: [pp.int.general] Free Software or Open Source?<br>
To: "Pirate Parties International -- General Talk"<br>
<<a href="mailto:pp.international.general@lists.pirateweb.net">pp.international.general@lists.pirateweb.net</a>><br>
Message-ID:<br>
<<a href="mailto:eefe316d0809182325p7b45c1a8j2d2c9d2afa8a92b3@mail.gmail.com">eefe316d0809182325p7b45c1a8j2d2c9d2afa8a92b3@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
2008/9/18 Wybo Wiersma <<a href="mailto:wybo@logilogi.org">wybo@logilogi.org</a>>:<br>
<br>
Hi Wybo,<br>
<br>
> PS: And don't use Skype, there are alternatives like Ekiga Softphone :)<br>
<br>
And on the non-SIP side: Mumble, Jabbin, Wengo,... it's a long list! :-)<br>
<br>
Cheers,<br>
Valentin<br>
<br>
<br>
------------------------------<br>
<br>
<br>
<br>
End of pp.international.general Digest, Vol 19, Issue 24<br>
********************************************************<br>
</blockquote></div><br></div>