Re: extension for Firefox to force HTTPS always?

[<full-disclosure () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear 3APAPA,

In the English language, the words criticism and suggestion are not
synonyms.  If you could please kindly point out where Vladis makes
a suggestion (anywhere, anytime), or says anything constructive
(anywhere, anytime), or anything remotely clever (anywhere,
anytime) I would greatly appreciate it.

I am however impressed with your use of advanced computer hacking
tools such as host, openssl, and tcpdump in the Linux computer
hacking environment.

I feel your pain on the icmp issue as well.  Some people are just
ratfuck bastards.

Cheers!

On Fri, 12 Oct 2007 22:12:08 -0400 Harry Hoffman <hhoffman@ip-
solutions.net> wrote:
> what is wrong with his suggestion?
>
> If you look at the situation the following things happen:
>
> [hhoffman@localhost ~]$ host www.cnn.com
> www.cnn.com has address 64.236.16.20
> www.cnn.com has address 64.236.16.52
> www.cnn.com has address 64.236.24.12
> www.cnn.com has address 64.236.29.120
> www.cnn.com has address 64.236.91.21
> www.cnn.com has address 64.236.91.22
> www.cnn.com has address 64.236.91.23
> www.cnn.com has address 64.236.91.24
> Host www.cnn.com not found: 3(NXDOMAIN)
>
>
> [hhoffman@localhost ~]$ openssl s_client -connect www.cnn.com:443
>
>
> [root@localhost ~]# tcpdump -i wlan0 -ln tcp port 443 and net
> '64.236'
> tcpdump: verbose output suppressed, use -v or -vv for full
> protocol decode
> listening on wlan0, link-type EN10MB (Ethernet), capture size 96
> bytes
> 22:02:32.427607 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102380687
> 0,nop,wscale 7>
> 22:02:35.427467 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102383687
> 0,nop,wscale 7>
> 22:02:41.427496 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102389687
> 0,nop,wscale 7>
> 22:02:53.427470 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102401687
> 0,nop,wscale 7>
> 22:03:17.427469 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102425687
> 0,nop,wscale 7>
> 22:04:05.427466 IP 192.168.1.103.35113 > 64.236.24.12.https: S
> 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp
> 102473687
> 0,nop,wscale 7>
> 22:05:41.427556 IP 192.168.1.103.47627 > 64.236.29.120.https: S
> 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp
> 102569687
> 0,nop,wscale 7>
> 22:05:44.427467 IP 192.168.1.103.47627 > 64.236.29.120.https: S
> 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp
> 102572687
> 0,nop,wscale 7>
> 22:05:50.427472 IP 192.168.1.103.47627 > 64.236.29.120.https: S
> 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp
> 102578687
> 0,nop,wscale 7>
> 22:06:02.428441 IP 192.168.1.103.47627 > 64.236.29.120.https: S
> 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp
> 102590687
> 0,nop,wscale 7>
>
>
> If there are a ton of addresses associated with the hostname
> record
> you'd be sitting there for a long time, no?
>
> It'd be nice if sites sent a unreachable message but some ppl
> still
> believe that blocking all ICMP is ok...
>
> go figure.
>
> Cheers,
> Harry
>
>
> full-disclosure () hushmail com wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > MAYBE YOU HAVE A SUGGESTION OR SOMETHING CONSTRUCTIVE TO SAY
> AFTER
> > ALL THESE YEARS VLADIS OR MAYBE YOU SHOULD SHUT THE FUCK UP!!!
> >
> > YOU AREN'T SMARTER THAN WE THINK YOU ARE
> >
> > On Fri, 12 Oct 2007 21:55:37 -0400 Valdis.Kletnieks () vt edu
> wrote:
> > > On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said:
> > > > I just wanted to clarify that I am looking for an extension
> that
> > > will
> > > > rewrite all encountered HTTP references in Firefox to HTTPS.
> I
> > > would
> > > > already have a firewall or some other layer7 filtering device
> > > blocking
> > > > unencrypted traffic.  The addon "Better Gmail" does something
> > > similar
> > > > to this, with the "force HTTPS" option, but not exactly...
> > > What should this hypothetical extension do if it automagically
> > > redirect
> > > http: to https:, but the target server is something that is
> only
> > > listening
> > > on port 80 because it doesn't have https: enabled?
> > >
> > > https://www.cnn.com just sorta sits there for me.
> > -----BEGIN PGP SIGNATURE-----
> > Note: This signature can be verified at
> https://www.hushtools.com/verify
> > Charset: UTF8
> > Version: Hush 2.5
> wpwEAQECAAYFAkcQJ40ACgkQ+dWaEhErNvQjfAQAhvRta2YldG0s+RPwOOYQJhmavq4
> c
> >
> uo/dTsCd3EQy6yQru6oGcmWR7CdCo8EvwoTpB0EwLgVW4z7/lujiayEMECV4zejTNzt
> w
> >
> NSabygNoko5I8wh5trmqvoSb4RfPW79qEWLgTosECR1dsCu5FfXuKZhgQwbweWpi09g
> h
> > zDPTvGg=
> > =jxe7
> > -----END PGP SIGNATURE-----
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcQ1S8ACgkQ+dWaEhErNvTKWQP9FkS3CGP5+EN4cTf8WUbmbJfbJ4cP
ZfizqYMy71CpaBYa/Nrwb8k4rGuuy6A3dOOErMTFrei9y7nj8NJCTAc7xjgQQnsibq2u
WlC4FqPqciFs614cbQskiX6za88UGz6SktWGMz8N29UD4Y02SDHwbalER153pGfGCey8
wTOFQaI=
=mH+r
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/