insecure until demonstrated otherwise

noteworthy
Topic: Miscellaneous 9:16 pm EDT, Jun 18, 2015

Bruce Schneier:

Everything should be believed insecure until demonstrated otherwise.

George V. Neville-Neil:

I often think that programmers shouldn’t just be given offices instead of cubicles, but padded cells. Think of how much the company would save on medical bills if everyone had a cushioned wall to bang their heads against, instead of those cheap, pressboard desks that crack so easily.

Qualys SSL Report:

SSL Report: blogs.rsa.com (198.90.20.87)
Assessed on: Fri, 19 Jun 2015
Overall Rating: T

This server's certificate is not trusted, see below for details.

Authentication

Server Key and Certificate #1

Common names: Parallels Panel MISMATCH
Trusted: No NOT TRUSTED

Certification Paths

Path #1: Not trusted (path does not chain to a trusted anchor)

Sent by server
Not in trust store Parallels Panel Self-signed
Fingerprint: 9d09c4edb82e52afae79a8b22f9540efafbdb716
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

A certificate is invalid if:

It is used before its activation date
It is used after its expiry date
Certificate hostnames don't match the site hostname
It has been revoked

curl:

$ curl -vvv "https://blogs.rsa.com"
* About to connect() to blogs.rsa.com port 443 (#0)
* Trying 198.90.20.87...
* connected
* Connected to blogs.rsa.com (198.90.20.87) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

wget:

$ wget -vd "https://blogs.rsa.com"

Resolving blogs.rsa.com... 198.90.20.87
Caching blogs.rsa.com => 198.90.20.87
Connecting to blogs.rsa.com|198.90.20.87|:443... connected.
Created socket 3.
Releasing 0x0000000001e61fd0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000000001e631d0
certificate:
subject: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
issuer: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
ERROR: cannot verify blogs.rsa.com’s certificate, issued by “/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com”:
Self-signed certificate encountered.
ERROR: certificate common name “Parallels Panel” doesn't match requested host name “blogs.rsa.com”.
To connect to blogs.rsa.com insecurely, use ‘--no-check-certificate’.
Closed 3/SSL 0x0000000001e631d0



 
 