this post was submitted on 17 Jun 2024
17 points (100.0% liked)

linuxmemes

21180 readers
867 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    you are viewing a single comment's thread
    view the rest of the comments
    [–] Xephonian@retrolemmy.com -1 points 4 months ago (2 children)

    You think your data is secure with HTTPS? There's always an undisclosed vulnerability somewhere.

    Patches solve specific issues but they do nothing for overall security.

    [–] possiblylinux127@lemmy.zip 0 points 4 months ago (1 children)

    I don't think there is any vulnerability in https. There are know limitations but https itself is fine. If you are talking about TLS vulnerabilities then we have much more to worry about. To compromise the content on a page someone would have to brute force TLS very fast which isn't feasible with today's computer. Today's computer would take at least a few million years. But I have scene estimates that say long past the heat death of the universe.

    Even if https was full of holes it still would be better than http. Http has zero tamper protections or encryption. Companies like AT&T used to tamper with traffic to various purposes and it was feasible for them to do so.

    [–] Xephonian@retrolemmy.com -1 points 4 months ago* (last edited 4 months ago)

    TLS 1.0 was released in 1999 as an upgrade from SSL 2.0 and 3.0.

    And these days we're on v1.3 - https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/

    Notice anything? There's always a flaw. The general public hasn't discovered it in TLS1.3.....yet

    And again, Banking websites, some stuff makes a lot of sense to use encryption.

    Just not everywhere.

    [–] Aux@lemmy.world 0 points 4 months ago (1 children)
    [–] Xephonian@retrolemmy.com -1 points 4 months ago* (last edited 4 months ago)

    Oh look, we've found a security 'researcher'. Mad that your job only consists of making other people's job harder?

    Try the DMV, that's also a great place to work where you can inflict misery on others.

    Valuable zero days aren't exposed. They're sold. If someone wants your data they will get it. HTTPS means nothing except huge amounts of wasted CPU cycles and energy.