FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » PHP mysql_excape but need to search for those items
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: PHP mysql_excape but need to search for those items [message #178417 is a reply to message #178413] Sat, 16 June 2012 01:07 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/15/2012 4:36 PM, Arno Welzel wrote:
> Jerry Stuckle, 14.06.2012 13:40:
>
>> On 6/14/2012 2:47 AM, Arno Welzel wrote:
>>> Jerry Stuckle, 12.06.2012 14:00:
> [...]
>>>> Setting up a proxy would mean alternations to the domain name servers
>>>> data. Additionally, the certificate either would not match the domain
>>>> name or the certificate would not be signed by a recognized authority
>>>> (which is a good reason to use a trusted certificate).
>>>
>>> Nameservers can be compromised - e.g. by cache poisoning.
>>>
>>
>> And exactly how often has that occurred? And who has the tools to do it?
>
> To read more about:<http://www.kb.cert.org/vuls/id/800113>
>
> Just because you can not imagine that his happens in reality does not
> mean that you can ignore the problem.
>

Quite frankly, I don't believe everything I see on the web. Do you have
any proof this has actually occurred?

> I must admit that this problem is well known now for about 4 years and
> hopefully anyone who's responsible for a nameserver did solve this - but
> i mentioned it to show that "security" is not just "i use SSL, this i
> secure".
>

Again - do you have proof any of this has actually occurred?

>>>> I don't know of any broken CAs in the past, but there could have been.
>>>> However, the ones I use won't issue a certificate just to anyone.
>>>
>>> And these are?
>>>
>>
>> Thwate, for one. Verisign for another.
>
> VeriSign is also on the list of the CAs which had at least one security
> problem:
>
> < http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z8 20120202>
>
> Of course they will never tell you about any details and of course you
> shall believe that everything is perfectly fine.
>
> And not to forget:
>
> < http://www.thetechherald.com/articles/DigiNotar-security-incident-goes-from -bad-to-worse>
>
> "In total, 531 fraudulent certificates were issued during the DigiNotar
> breach, including certificates for Google, Microsoft, MI6, the CIA, TOR,
> Mossad, Skype, Twitter, Facebook, Thawte, VeriSign, and Comodo."
>
> Do you still believe, the CA system is trustworthy?
>

Again, I don't believe everything I see on the Internet. But I have
used both Thawte and Versign, and know what a company has to go through
to get a certificate.

Again, do you have any proof any of this has occurred? Or just a web
site which claims such?

>>> Just as a reminder: DigiNotar, Comodo, RSA - just to name a few who
>>> already got compromised.
>>>
>>> Also see:
>>>
>>> < http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/>
>>>
>>>
>>> < http://www.itscolumn.com/2011/09/certificate-authority-hacked-google-faced- mitm-attack/>
>>>
>>>
>>> The whole model of trusting CAs and not single certificates (as in SSH)
>>> must be considered broken.
>>
>> And you have a better solution?
>
> As i already said: Don't trust a CA, only trust (or don't trust) the
> certificate. If it changes your browser will immediately tell you - even
> if it was signed by a CA.
>
>

So, what is your solution? Just telling someone not to trust a CA is
not a solution.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Using count() as an array index
Next Topic: can't modify include path
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 10:25:17 GMT 2024

Total time taken to generate the page: 0.03558 seconds