SoylentNews is people
SoylentNews
Just recently, I moved my personal website to HTTPS, making sure to use a secure 2048-bit RSA key and TLS 1.2, and guarding against vulnerabilities such as POODLE and Logjam. It took some work, but not that much work, even for doing the research. Yet there are some people who just don't care.
Due to a new technique, 512-bit keys are now completely vulnerable for as little as $75.
The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service .
[...] The researchers concluded that despite widespread awareness that 512-bit keys are highly susceptible to breaking, the message still hasn't adequately sunk in with many administrators. The researchers wrote:
512-bit RSA has been known to be insecure for at least fifteen years, but common knowledge of precisely how insecure has perhaps not kept pace with modern technology. We build a system capable of factoring a 512-bit RSA key reliably in under four hours. We then measure the impact of such a system by surveying the incidence of 512-bit RSA in our modern cryptographic infrastructure, and find a long tail of too-short public keys and export-grade cipher suites still in use in the wild. These numbers illustrate the challenges of keeping an aging Internet infrastructure up to date with even decades-old advances in cryptanalysis.
The article reports finding a significant number of sites that are still using 512-bit RSA keys to protect HTTPS, DNSSEC, ssh, e-mail (SMTP, POP3, and IMAP), and other services.
(Score: 2) by maxwell demon on Thursday October 22 2015, @06:55PM
I don't see that. After all, not loading content from a specific URL is not dependent on whether that URL is HTTP or HTTPS. Moreover, the browser definitely has to decrypt and thus will be able to access any information, as will any extensions running in the browser. As long as the browser doesn't get locked down, there's no way anyone can prevent you from blocking ads.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Hyperturtle on Friday October 23 2015, @06:39PM
That is assuming that the ads are coming from outside of the original domain.
If ad delivery starts to take place from common content delivery networks that also share the same resources as movie and music delivery, (or more generically, use google servers for motion video content delivery since that network also already exists), then it could become quite challenging to determine which server is which. The same domain may play youtube videos and ads. The server might not be the same, but we may not get to see that name if this happens behind a load balancer and we get a single IP for what could be a farm of servers.
That requires effort, community contributed effort, for identification. It may be time consuming but possible... and so, the day may come when it takes more than blocking doubleclick.net and others like it. The enemy may decide to wear sheep's clothing instead of simply turning it's evil bit on so we know to drop it. You have to admit, they are being very obvious about it for the most part. there are even domains with advertising related words in them! Not too hard to identify which ones are problematic.
Consider all of that javascript that can be blocked and the domains dont even get looked up -- that javascript is often coming from the source domain to call other resources.
If the resources are then all held in the same "cloud" and not spread out, it will be difficult to filter because they will all have a commonality in their names; DNS names may be more or less aliases to consumers, with the servers serving the ads and the content from the same domain on the back end. How the browser chooses to display this may be different than what you could find in a packet capture -- the browser is application that interprets commands, and you have seen how google and others want to remove http or https because protocols are hard for people to understand.
Anyway, my fear, and am not claiming it will happen... is that companies work to block ads by presenting the data as coming from a single source, and primarily choosing to do so in response to people blocking third party everything.
My experience is that many good things get ruined when it gets a review by kim kommando. I see the value in what she provides to her audience, but when you start to share our dirty ad blocking secret with the masses, then the people leading the masses (or at least, showing them ads) start to take note.
My last comment is consider microsoft.
Lots of their problem servers are in the microsoft.com domain. And many of their good ones are. Which ones do you block? You can't just block the microsoft domain entirely... and they have many many servers, some of them are dynamically created. It'd be very hard to map that out!
If google took that approach for the ad delivery, ad blocking would have a challenge. Otherwise, if blocking from the same domain is easy, then I'd just block that annoying windows 10 update server and never get it. But that update is mixed with other stuff I want to get! From the same servers! I can't block those and still get updates. It is not a punch the monkey type of obvious to block scenario -- its where windows as a service makes it hard to disable various services because they do more than one thing.