823
edits
Difference between revisions of "Security Overview"
Jump to navigation
Jump to search
→Fingerprinting: link to tor bug tracker
(→Endpoints: clean up & consolidate more) |
(→Fingerprinting: link to tor bug tracker) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 66: | Line 66: | ||
*** microsoft, apple, google: all evil | *** microsoft, apple, google: all evil | ||
*** hall of shame: skype, silverlight, flash are all evil | *** hall of shame: skype, silverlight, flash are all evil | ||
*** http://www.wired.co.uk/news/archive/2013-10/21/googles-iron-grip-on-android | |||
* defense in depth | * defense in depth | ||
** antivirus | ** antivirus | ||
| Line 134: | Line 135: | ||
* SSL | * SSL | ||
** | ** example of site that sells SSL certs: https://www.namecheap.com/ssl-certificates.aspx | ||
** | ** example of who an OS trusts (Arch Linux uses Mozilla's cert list): https://www.archlinux.org/packages/core/any/ca-certificates/ | ||
** any of these orgs can impersonate any website | ** any of these orgs can impersonate any website | ||
** cert authorities don't solve mitm, just narrows down who can do it | ** cert authorities don't solve mitm, just narrows down who can do it | ||
| Line 183: | Line 184: | ||
* https://panopticlick.eff.org/ | * https://panopticlick.eff.org/ | ||
* http://browserspy.dk | * http://browserspy.dk | ||
* tor bug tracker is always thinking of new problems https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting | |||
* https reduces attack surface but does not solve | * https reduces attack surface but does not solve | ||
** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE | ** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE | ||