×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Are you REALLY Encrypted?

Are you REALLY Encrypted?

Are you REALLY Encrypted?

(OP)
https://finance.yahoo.com/news/encryption-many-maj...
http://www.newsweek.com/what-krack-wpa2-wifi-hack-...

Seems to in the realm of engineering failures, sadly, both in the same week. Both are in the category of inherent flaws in the very infrastructure of our on-line security.

While you're at it, if you work for a large company, it's likely that they're eavesdropping on what you might think is encrypted internet traffic: https://security.stackexchange.com/questions/10172...

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Are you REALLY Encrypted?

Krack - The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites

----------------------------------------

The Help for this program was created in Windows Help format, which depends on a feature that isn't included in this version of Windows.

RE: Are you REALLY Encrypted?

(OP)
"physically close to the target"

Only close enough to be within range of your wifi, and it's likely that ROI is low for trying this on most of us, but bored script kiddies have the time and patience to try it and potentially steal things of importance from you. Luckily, if your Windows is on auto-update, the last Patch Tuesday included the patch for Windows 10, although the patch description tries to fly under anyone's radar.

Nevertheless, your privacy and security isn't necessarily anywhere near what you might hope for.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Are you REALLY Encrypted?

IRS: In particular if Microsoft is scooping all your data, too... keystrokes, facial recognition, and the whole nine yards... Using Win7 pro and keeping track of all the add-ons I have a batch file with about 30 apps that MS uses for spying and delete them frequently...

Dik

RE: Are you REALLY Encrypted?

(OP)
MS is at least overt about it. My company spoofs the encryption certificate for https websites. Luckily, their public keys don't appear to be suffering from the RSA weak key problem.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Are you REALLY Encrypted?

dik; I'm really interested in your.. list if you're willing to post it.

Keith Cress
kcress - http://www.flaminsystems.com

RE: Are you REALLY Encrypted?

Well, I'm reminded of that Seinfeld episode where Kramer and what's-his-name were reversing their front door peepholes so people could see in...in the hopes that somebody would WANT to see in! If anybody's intercepting my emails, they're probably encrypting it themselves so they don't have to read it. I'd have to pay money to get a stranger to read that stuff.

I'm just envisioning the North Koreans sitting over there thinking "Now, this guy seems interested in cotton gins...is that some secret code for something interesting or what?"

RE: Are you REALLY Encrypted?

Computerphile released a YouTube video on the subject of 'krack'. I happen to have watched it last night.

https://www.youtube.com/watch?v=mYtvjijATa4

My conclusion is that it isn't actually that big a deal for most situations.

...But still, worth watching for the patches.

RE: Are you REALLY Encrypted?

Hackers don't like it when boring people encrypt their email.

--
JHG

RE: Are you REALLY Encrypted?

drawoh... neither do the authorities...

Dik

RE: Are you REALLY Encrypted?

dik,

What was then the Toronto Linux Users Group held a lecture on some encryption software somebody was developing. Apparently, this had to be done in Canada and in the Netherlands. If it had been worked on in the USA, it would have been classified by ITAR as munitions. Perhaps a large, hard cover manual could be used as some sort of bludgeon.

--
JHG

RE: Are you REALLY Encrypted?

Drawoh,
Great article! Thank you; that will save me hours every time I encrypt my mother's birthday e-card.

STF

RE: Are you REALLY Encrypted?

drawoh:

PGP had that problem decades back, and had an export restriction about it being treated as munitions by the US... it was at that point available world wide... like closing the proverbial barn door.

Dik

RE: Are you REALLY Encrypted?

Quote (IRStuff)

While you're at it, if you work for a large company, it's likely that they're eavesdropping on what you might think is encrypted internet traffic

I think there are some legitimate reasons for web/e-mail traffic to be monitored at work. If you visit *.ru sites on a regular basis, for instance, you don't have to be selling company secrets to be causing trouble. Just be logging to that address you are waving a flag saying "come get me"!

STF

RE: Are you REALLY Encrypted?

(OP)
Blocking domains is a whole separate thing altogether. I'm referring to what is essentially a man-in-the-middle attack on all your https connections, so my company, which does this, gets everything I might send to my bank over what I think is an encrypted connection. So, somewhere, there is a datafarm with my banking information in plaintext for someone or some program to review for any perceived wrongdoing.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Are you REALLY Encrypted?

I keep all my separate projects on an encrypted USB stick that I use on my laptop which is not connected to the company network...

Dik

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members! Already a Member? Login



News


Close Box

Join Eng-Tips® Today!

Join your peers on the Internet's largest technical engineering professional community.
It's easy to join and it's free.

Here's Why Members Love Eng-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close