Are you REALLY Encrypted?

IRstuff

Aerospace
Jun 3, 2002
44,491

Seems to be in the realm of engineering failures, sadly, both in the same week. Both are in the category of inherent flaws in the very infrastructure of our on-line security.

While you're at it, if you work for a large company, it's likely that they're eavesdropping on what you might think is encrypted internet traffic:
TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 
Krack - The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites

----------------------------------------

The Help for this program was created in Windows Help format, which depends on a feature that isn't included in this version of Windows.
 
"physically close to the target"

Only close enough to be within range of your wifi, and it's likely that ROI is low for trying this on most of us, but bored script kiddies have the time and patience to try it and potentially steal things of importance from you. Luckily, if your Windows is on auto-update, the last Patch Tuesday included the patch for Windows 10, although the patch description tries to fly under anyone's radar.

Nevertheless, your privacy and security aren't necessarily anywhere near what you might hope for.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 
IRS: In particular if Microsoft is scooping all your data, too... keystrokes, facial recognition, and the whole nine yards... Using Win7 pro and keeping track of all the add-ons I have a batch file with about 30 apps that MS uses for spying and delete them frequently...

Dik
 
MS is at least overt about it. My company spoofs the encryption certificate for https websites. Luckily, their public keys don't appear to be suffering from the RSA weak key problem.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 
Well, I'm reminded of that Seinfeld episode where Kramer and what's-his-name were reversing their front door peepholes so people could see in...in the hopes that somebody would WANT to see in! If anybody's intercepting my emails, they're probably encrypting it themselves so they don't have to read it. I'd have to pay money to get a stranger to read that stuff.

I'm just envisioning the North Koreans sitting over there thinking "Now, this guy seems interested in cotton gins...is that some secret code for something interesting or what?"
 
Computerphile released a YouTube video on the subject of 'krack'. I happen to have watched it last night.


My conclusion is that it isn't actually that big a deal for most situations.

...But still, worth watching for the patches.
 
drawoh... neither do the authorities...

Dik
 
dik,

What was then the Toronto Linux Users Group held a lecture on some encryption software somebody was developing. Apparently, this had to be done in Canada and in the Netherlands. If it had been worked on in the USA, it would have been classified by ITAR as munitions. Perhaps a large, hard cover manual could be used as some sort of bludgeon.

--
JHG
 
Drawoh,
Great article! Thank you; that will save me hours every time I encrypt my mother's birthday e-card.


STF
 
drawoh:

PGP had that problem decades back, and had an export restriction about it being treated as munitions by the US... it was at that point available worldwide... like closing the proverbial barn door.

Dik
 
IRStuff said:
While you're at it, if you work for a large company, it's likely that they're eavesdropping on what you might think is encrypted internet traffic

I think there are some legitimate reasons for web/e-mail traffic to be monitored at work. If you visit *.ru sites on a regular basis, for instance, you don't have to be selling company secrets to be causing trouble. Just by logging to that address you are waving a flag saying "come get me"!

STF
 
Blocking domains is a whole separate thing altogether. I'm referring to what is essentially a man-in-the-middle attack on all your https connections, so my company, which does this, gets everything I might send to my bank over what I think is an encrypted connection. So, somewhere, there is a datafarm with my banking information in plaintext for someone or some program to review for any perceived wrongdoing.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 
I keep all my separate projects on an encrypted USB stick that I use on my laptop which is not connected to the company network...

Dik
 