"Yeah I agree that's a big hole in HSTS, but then the Internet is unfortunately insecure by default and I don't think there's a simple way around that."
It means a lot about Internet in General.
Is this referring back to having the web server configured to set HSTS expiry same as the certificate? If everyone gets an HSTS record that aligns with the expiry of the certificate then it's a perfect time to attack. Say I go to the website 10 days before expiry and get a 10 day HSTS record. Whether they replace their cert or not is irrelevant; if someone manages to hijack my connection when the original cert (and my HSTS record) expires, but before I go back to that website and get a new cert + longer HSTS record, they can give me an HTTP copy of the website without my browser complaining.
Ideally the HSTS records returned should continually be pushing the expiry long into the future.
Note also that the CAs are continually pushing for shorter cert expiry times so that new security features can be brought in - and broken or weak features removed - quicker. The current max for a commercial cert recently dropped to 2 years (think it's actually a few months over 2 years) and they may reduce it further in the future.
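The window described in the post above can be put in numbers. The following is an added example, not part of the original posts: it models a browser's HSTS cache for a server whose `max-age` counts down to certificate expiry versus one that always sends a fixed `max-age`. All dates, the one-year value and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_max_age(header: str) -> int:
    """Return max-age in seconds from a Strict-Transport-Security header value."""
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            return int(value.strip().strip('"'))  # value may be a quoted-string
    raise ValueError("no max-age directive")

def hsts_expiry(visit: datetime, header: str) -> datetime:
    """When the browser drops the HSTS entry it stored at `visit`."""
    return visit + timedelta(seconds=parse_max_age(header))

def header_tied_to_cert(visit: datetime, cert_not_after: datetime) -> str:
    """Header from a server that aligns HSTS expiry with certificate expiry."""
    remaining = max(0, int((cert_not_after - visit).total_seconds()))
    return f"max-age={remaining}"

def unprotected_gap(visit: datetime, next_visit: datetime, header: str) -> timedelta:
    """Time between the HSTS entry expiring and the next visit (zero if still pinned)."""
    return max(timedelta(0), next_visit - hsts_expiry(visit, header))

# Constructed scenario: visit 10 days before the cert expires, return 15 days later.
CERT_NOT_AFTER = datetime(2024, 6, 30, tzinfo=timezone.utc)
VISIT = CERT_NOT_AFTER - timedelta(days=10)
NEXT_VISIT = VISIT + timedelta(days=15)
FIXED_HEADER = "max-age=31536000; includeSubDomains"  # assumed one-year policy

def scenario() -> dict:
    tied = header_tied_to_cert(VISIT, CERT_NOT_AFTER)
    return {
        "tied_header": tied,
        "tied_gap": unprotected_gap(VISIT, NEXT_VISIT, tied),
        "fixed_gap": unprotected_gap(VISIT, NEXT_VISIT, FIXED_HEADER),
    }

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With the countdown header, the browser has no HSTS entry for the last five days before the return visit; with the fixed header every visit pushes the expiry a year ahead, so there is no gap.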
Hmm looks like that site just points to the IP address of the forums.
ShelLuser
Not to be a combobreaker in this thread but this is my links:
View attachment 4952
I hit login with enter or -> but I end up with the same visuals (no change). Am I missing some great knowledge of links or how come you can get the login menu?
This is like one thing why I have not been using links more often.
Thanks.
Are you seriously running lynx? Just curious...
Scroll down.
This is the caveat with ASCII browsers: the website gets pretty mixed up, so basically all components somewhat "stack" and that means that things such as the login option end up all the way down, after the regular menus and such.
It's easy to overlook but it's there.
Some people, such as myself, are hard core console users
Heck, when I'm in one of my console moods I even use the aa or aca output settings for mplayer to watch my movies the way they were intended: on the console!
(don't take that last comment too seriously, but it is true that I sometimes do enjoy playing with those settings).
screen so that I could manage several sessions...then eventually decided that I needed xterms with 200+ characters across and 60 vertical lines...Well, console went the way of the dodo. But then I freak when I have to read or modify code with braces on separate lines: cannot stand functions that are several pages long, when they can be written in half that space.
Yes, that's what SirDice said, he got the same thing on his end.
I wasn't sure what to make of it at first.