Security :: Capture A Header And Resend It Even If It's Over Https?
Jun 19, 2010
When connecting to an unknown unsecured wireless network, is it possible for someone to capture a header and resend it even if it's over https? For example I login on an ipod or on a computer and connect to a server through https and password auth. Although anyone monitoring the transmission could not get hold of my password since it's encrypted, could they just capture the header and resend it 5mins later to logon again without even knowing the password?
View 13 Replies
ADVERTISEMENT
Oct 28, 2010
What is the current status of HTTPS Everywhere add-on for FF? I understand it was previously compatible, but it is not now (I am running 3.6.11 on LL). This article on firesheep has me a bit freaked.
View 1 Replies
View Related
Mar 27, 2011
Is there a plugin or some other way to check to see if a website has https available, and use that instead? I know some sites, like Wikipedia have a different hostname for SSL support while others have the same hostname, just What I would really like to seesome kind of header in the http reply or the html that saysSecureAvailable= is there any system like this in place? There's too many issues with with unencrypted http to continue having that as the default.
View 3 Replies
View Related
Aug 17, 2010
I have just installed SSL certificate for my private domain (it runs on a private ip in a local network). I got the trial SSL from thawte. I have successfully installed the certificate.
View 1 Replies
View Related
Jun 17, 2011
I want block https sites if suppose block the http it will opening in https.
View 9 Replies
View Related
Jul 16, 2011
I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
ps: I got the rules from that website: [URL]
View 9 Replies
View Related
Nov 5, 2010
My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal http://gmail.com is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY MY COMPANY GOOGLE MAIL PROGRAM.
View 2 Replies
View Related
Jan 27, 2011
Using the Sidewinder DNS, we get truncation now. 192.168.5.1 is our MS Active Directory DNS server. 192.168.1.1 is our Sidewinder - zones are replicated from AD to Sidewinder.
View 1 Replies
View Related
May 12, 2010
I have an ssh tunnel with my ubuntu (vps) server. On my local computer I have proxifier, to redirect everything with socks5.
Everything works fine, I can browse websites and that. Email also works.
But when I want to visit a website that uses https it doesn't work. I do not get to see the website, or receive an internal server error.
View 7 Replies
View Related
Sep 17, 2010
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents trough this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection trough port 80 but it uses the following ports:
Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing).
I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
View 3 Replies
View Related
Jul 12, 2010
how i can resend a message to specific mail account and not delete it when qtrap is enabled in a domain? If qtrap find a word in a mail, delete the mail but i want resend to
another mail address?
OS: centos 5.4
qmailinstall: qmailtoaster.
View 1 Replies
View Related
Apr 4, 2011
Basically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides.But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for it's connections, is there any added benefit to also using an encrypted tunnel? or is it perhaps superfluous to use both
View 3 Replies
View Related
May 22, 2011
I have set up certain portions of my web site to be forced https:// How do I force, non https:// protocols. I know this sounds confusing, so let me give you an example.
[Code]...
View 7 Replies
View Related
May 6, 2010
I'm trying to figure out how to use ADrive.com's 50 GB's or SkyDrive's 25 GB's of free storage to backup my computer automaticaly.
Problem's:
1. With ADrive I can select all my files at once through their website's uploader vs SkyDrive where you have to select them one by one. There are some third party programs, like Gladinet, which will mount sky drive to your computer like an extra drive, though I haven't found one for linux yet. This guy came up with a cool way to backup automagically with Windows: [URL] I am trying to figure out how to do the same thing with Linux.
2. ADrive's uploader is not on https, whereas SkyDrive is. Either way I wanted to encypt my files on my computer first so when I back them up, they are safe in case they should fall into the wrong hands, not that I don't trust Microsoft or whoever ADrive is with all my most precious documents, but I'd rather error on the side of safety.
View 1 Replies
View Related
May 22, 2010
I recently had to reinstall ubuntu, so I backed up both my ~.gnupgp and ~.gnome2 folders and copied them over in the new installation. My old keys show up just fine in the password manager, but when I attempt to open a file encrypted with one of them, I get the error: "Could not display (name of file): There is no application installed for PGP/MIME-encrypted message header files"
View 1 Replies
View Related
Apr 4, 2011
Second off, I'm trying to capture a user password on login (through gdm) such that I can re-use it for a service like Kerberos or AFS. The idea is that the user has to log in only once, and then I renew the tickets and tokens until they log out again. If there's a better way to do this
View 4 Replies
View Related
Jun 5, 2010
I am looking for an screen capture application which auto runs when ubuntu starts up and work without any instructions or clicking capture or anything,
= "Some1" ** Turns on the System --> UBUNTU Loads --> the Screen capture Runs--> it takes screen shots with out "Some1"s knowledge// turns off system....
I get home -->> turn on system -->> screen shots r saved.. n um checking em...!!!
View 9 Replies
View Related
Jul 22, 2010
currently I'm fiddling around with mod_security for apache2 configurations on CentOS boxes, right now in a test environment first (i.e. separate non production box).CentOS includes the mod_security "Core Rule Set" by Breach Security Inc, the devs behind that module.So far all's running mostly, logs/auditlogs etc.For simple testing, I made a small php form as following:
Code:
<?php
$link = mysql_connect("localhost",$user,$pass); //un/pw obfuscated for forum post
[code]...
View 1 Replies
View Related
Aug 9, 2011
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
View 6 Replies
View Related
Apr 22, 2011
where can i get socket.h header file? will copy pasting this header file in 'incl' directory allow me to use it in the my program?
View 1 Replies
View Related
Aug 13, 2010
What is the best analogue capture program please to capture Austar.
View 1 Replies
View Related
Jun 21, 2010
I can't seem to get lvs to work with https/443. Works fine with port 80 and I found many examples on the net but none seem to work for port 443. Works fine when going directly to the server, just not through lvs. I thought it might be the send/expect statements but have tried various with no go.
Serial_no = 99
Primary = 172.16.30.5
Service = lvs
Backup_active = 1
Backup = 172.16.30.6 .....
View 1 Replies
View Related
Oct 8, 2010
I'm just wondering how many people out there use a load balancer of some kind for terminating HTTPS/TLS/SSL before sending requests onto backend web servers?
And if you send the requests onto those backend servers using an Stunnel of some sort to keep the data encrypted between your load balancer and your webservers?
View 4 Replies
View Related
Jul 29, 2011
I'm trying to use svn over http or https because I'm rear of a corporate proxy. Only allows HTTP connections.
I tried connect-tunnel but no success.
I also modified ./subversion/servers and I added the proxy server but no success.
View 2 Replies
View Related
Apr 18, 2011
I have issue with lwp. A https get request returns 400 error. How ever I am able to get 200 response using a browser. I am not using any proxy.
View 1 Replies
View Related
Dec 24, 2010
i have problem with chromium ...when i try opening website like [URL].. i get a message saying untrusted certificate and if i proceed then it crasehs in no time....it is d problem with www.facebook.com tooo..wat do i do ? what exactly is the problem..?
View 2 Replies
View Related
Dec 27, 2010
I have configure https for my local intranet on ubuntu.
I have followed following documentation.
[URL]
I am using Self-Signed Certificate.
I have 10 folders inside http://"myipaddress" location.I want to activate/access https:// for specific folder (https://myipaddress/myfolder).
here https getting activated for whole apache2 server.How can i activate it for specific folder.
View 1 Replies
View Related
May 11, 2011
I can not log into our servers at work, Citrix, so; How do we use a https with Firefox?
I have Citrix Receiver installed, but one of the IT guys from work said to un-install it! How do I do that? and then they want me to load Cag from the web site...how do I do that?
Yesterday I put Win7 back on my pc at home - damn shame - and I was able to log into work through Internet Explorer, by putting the website in the trusted zone.
Am I supposed to do something similar with Firefox?
I found this on the net, and have done what it says...
Select a setup option:
1. Install Citrix Receiver for Linux 11.100
2. Remove Citrix Receiver for Linux 11.100
3. Quit Citrix Receiver for Linux 11.100 setup
Enter option number 1-3 [1]: 2
Please enter the directory containing the Citrix Receiver for Linux installation [default /usr/lib/ICAClient] or type "quit" to return to the menu:
The file is in fact the default, but I can't get the string to work!
View 1 Replies
View Related
May 9, 2011
I had setup an SSL secure server awhile back, such that: [url] works but [url]does not (note the different: in the first, I use HTTPS, whereas the second I use HTTP) How can I get both to co-exist?
View 7 Replies
View Related
Jul 13, 2010
I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux. But in the QNX OS I get this error.
./curl --cacert /mnt/temp/curl-ca-bundle.crt -v https://www.paypal.com
* About to connect() to proxy 172.16.2.17 port 8080 (#0)
* Trying 172.16.2.17... connected
[code]...
View 1 Replies
View Related
