What can a hacker do using my SSL certificate and key [closed] - security

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
If I gave my SSL certificate & private key being used on website mydomain[dot]com to some hacker, would the hacker be able to hijack / intercept the connection or misuse in any way?

Right, so basically, "What's the point of protecting an SSL certificate's private key?"
The proper name for the attack you're describing is "Man in the Middle (MitM) attack".
As the name implies, the attacker needs to be in the middle.
At this point, you will open an HTTPS connection to the attacker and because they have the certificate and private key, you can't tell that you are not talking directly to the legitimate web site. The attacker then opens another HTTPS connection between themselves and the server; because they are re-transmitting your messages (including your login) the server can't tell that they are not talking directly to you. The attacker is "in the middle".
How does the attacker get in the middle? Maybe they are on the same hosting service as you and have somehow tricked the service provider into routing your traffic to them. Maybe they are one of the legitimate routers on the internet. Maybe they have used techniques such as BGP Hacking to convince the legitimate routers that they have a fast route to your server. Maybe they are on the same wifi as the victim and have used ARP Spoofing to convince the victim that their laptop is the wifi router and all traffic should go through it. Lots of ways, all of which require "an extra step" in order to perform the attack.
Summary: An attacker with your SSL certificate and private key can't do anything directly, but it opens up a whole category of attacks if they also have the ability to manipulate network traffic to put themselves "in between" your site and the victim.

Related

How Can I Hide IP from nmap scanning [closed]

How can I hide IP from Nmap scanning?
Thanks in advance (sorry if my English is so bad)
The most popular services are: Tor, Proxy Chains and Privoxy.
If you want to prevent your IP Address from being leaked, you could use a proxy, VPN, or other service.
A proxy simply forwards your traffic through another server. There are web proxies and proxies for your whole system. Hide.Me and HMA both have web proxies. SamAir.RU has proxies that you can set up through your proxy settings. Proxies are typically free, but not as secure as VPNs.
A VPN (Virtual Private Network) sets up a secure, encrypted connection between you and another target, which your traffic is tunneled through. Some popular VPNs are PIA, ExpressVPN, NordVPN, Hotspot Shield, and VyprVPN. These all provide different costs and security, do some research before using one. Some keep IP/history logs, which kind of defeats the purpose.
You can also use other services, like Tor (The Onion Router) and FreeNet. Tor uses onion routing, or multiple layers of encryption, goes through multiple servers, etc., and has been super secure for years. However, the NSA cracked Tor and can now view people's browsing and IPs. FreeNet is similar to Tor, but hasn't been cracked by the NSA (yet).

How does SSL identify the client? [closed]

I'm trying to understand SSL at a high level.
The way I understand it the entire request is encrypted. When the server receives the request how does it know where the request came from?
I was assuming it used some sort of unique identifier such as session key but if the request is encrypted then how would it know how to decrypt the request if it doesn't know where it originated from?
SSL simply provides authentication of the remote host (web server) and negotiated encryption in most cases. There are times when a client may provide a client certificate, which is then verified to be correct through SSL handshaking.
Without a client certificate, SSL does not authenticate the client and it simply can only be sure that the original sender is still the sender in the given session, as it possesses the encryption key originally agreed upon. That encryption key is necessary to continue communication and so if the client can communicate, it has the key, and is thus still the original client or some attacker that compromised the stream (unlikely with secure algorithms).
With a client certificate, SSL can authenticate the client and provide identity information to the web server, which may be consumed by a web application and used internally for whatever purpose.
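The two cases described in the answer above, as an added example that is not part of the original answer: a server-side TLS context that does not ask for a client certificate, one that requires it, and the identity a web application would read from the verified certificate. The function names, the `client_ca_file` parameter and the sample certificate dictionary are constructed for illustration; the dictionary follows the layout Python's `SSLSocket.getpeercert()` returns.

```python
import ssl

def make_server_context(require_client_cert, client_ca_file=None):
    """Build a server-side TLS context (hypothetical helper).

    A real server would also call ctx.load_cert_chain(certfile, keyfile)
    to present its own certificate; that part is omitted here.
    """
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if require_client_cert:
        # The handshake now fails unless the client presents a certificate
        # that chains to a CA this server trusts.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def client_identity(peercert):
    """Turn the getpeercert() result into identity data for the application.

    Returns None when no client certificate was supplied: the session is
    still encrypted, but the client is anonymous at the TLS layer.
    """
    if not peercert:
        return None
    subject = {k: v for rdn in peercert.get("subject", ()) for k, v in rdn}
    emails = [v for kind, v in peercert.get("subjectAltName", ())
              if kind == "email"]
    return {"common_name": subject.get("commonName"), "emails": emails}

# Constructed sample in the shape getpeercert() returns after verification.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "alice"),)),
    "subjectAltName": (("email", "alice@example.com"),),
}

if __name__ == "__main__":
    print(make_server_context(False).verify_mode)   # no client auth
    print(make_server_context(True).verify_mode)    # client cert required
    print(client_identity(None))
    print(client_identity(SAMPLE_PEERCERT))
```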

In relation to packet sniffing, how secure are secure networks? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
I don't fully understand how packet sniffing works, but the gist I get from it is that if someone is logged on the same network as you, they can sniff packets for unhashed passwords and... well, that's really enough damage.
The solution, I've read, is to only go on networks that are secure when doing bank stuff, but my issue is that the only secure network I have is a school wide one (dorms). Imaginably, the school wouldn't set up a network so open to password theft, but the only thing I can think of stopping the bad guys is that we log in with our student ID. All they would need is someone else's ID and password and (if my understanding is correct) they could packet sniff pretty much everyone in the hall using the same router without being traced.
Are my fears justified, and if not why? And if so, also why?
Thank you
Speaking generally, you can't sniff transmissions between a client and a bank server since the communication uses public key encryption. That said, SSL is still vulnerable to man-in-the-middle attacks - beware of notices/alerts about unrecognized certificates.
Regarding privacy on non-HTTPS websites, it depends on how your network is set up. If it's a standard WPA2 setup then all of your unencrypted traffic is visible (easily) to anyone who is in transmission range of your computer and has the WiFi password. You can install HTTPS Everywhere from EFF (https://www.eff.org/https-everywhere) which helps secure your communications on many common websites - Facebook, Twitter, etc.

Alternatives to HTTPS [closed]

When asked to look into having authentication for my company's website, I ended up using htaccess and htpasswd. Now I'm being asked to look for a more secure solution. One scenario I was advised to look out for was sniffing. I looked around and found HTTPS seems to be the solution I'm looking for.
If the authentication is only going to be accessed by our employees and will allow them access to a database. The activity on this database should be very light. I'm under the impression no more than say... 5 queries per session, and the data retrieved would be lightweight too.
From what I've read, seems like HTTPS is what I should be betting on here. My knowledge in authentication and encryption is next to nil, so I'm wondering if there are any other options to go about secure authentication for our site.
HTTPS primarily provides:
confidentiality
integrity
authentication of the server to the client
The latter is an important measure against man-in-the-middle and impersonation attacks. Think of somebody pretending to be the server and fooling the client in submitting sensitive data like passwords.
Note that - in order to work - the server must have an SSL certificate signed by a CA recognized by the client browser. That can either be an SSL certificate obtained by a commercial CA like Verisign or a custom SSL certificate all your users must import into the certificate storage.
Bottom line, HTTPS protects you from spoofing attacks, but only if the certificates are set up correctly. Still, be sure to disable plain HTTP, otherwise an attacker may try a downgrade attack.
With HTTPS in place, you can use any of several methods to authenticate the client to the server, including whatever you are using now (I guess HTTP Basic or Digest). Other options include Kerberos, the old NTLM, RADIUS, or client-side SSL certificates.
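A check for the advice in the answer above (keep the password prompt on HTTPS and do not leave plain HTTP answering), as an added example that is not part of the original answer. The function name, the response layout, the finding labels and the sample responses are constructed for illustration; the `Strict-Transport-Security` header it looks for is the standard HSTS mechanism, which the answer itself does not name.

```python
from urllib.parse import urlsplit

def audit_http_exposure(http_resp, https_resp):
    """Findings for one site from its port-80 and port-443 responses.

    Each response is {"status": int, "headers": {...}}; http_resp is None
    when nothing listens on port 80 (plain HTTP fully disabled).
    """
    findings = []
    if http_resp is not None:
        h = {k.lower(): v for k, v in http_resp["headers"].items()}
        # A Basic/Digest challenge over plain HTTP makes the browser send
        # the credentials unencrypted, readable by anyone sniffing.
        if "www-authenticate" in h:
            findings.append("auth-challenge-over-http")
        if http_resp["status"] in (301, 302, 307, 308):
            if urlsplit(h.get("location", "")).scheme != "https":
                findings.append("redirect-not-to-https")
        elif http_resp["status"] < 400:
            # Content served without TLS: a downgrade goes unnoticed.
            findings.append("plain-http-serves-content")
    s = {k.lower(): v for k, v in https_resp["headers"].items()}
    # Without HSTS the browser may try http:// first on a later visit.
    if "strict-transport-security" not in s:
        findings.append("https-missing-hsts")
    return findings

# Constructed sample responses (not captured from a real site).
BASIC = {"WWW-Authenticate": 'Basic realm="staff"'}
WEAK_HTTP = {"status": 401, "headers": BASIC}
WEAK_HTTPS = {"status": 401, "headers": BASIC}
GOOD_HTTP = {"status": 301,
             "headers": {"Location": "https://intranet.example/"}}
GOOD_HTTPS = {"status": 401,
              "headers": {**BASIC,
                          "Strict-Transport-Security": "max-age=31536000"}}

if __name__ == "__main__":
    print(audit_http_exposure(WEAK_HTTP, WEAK_HTTPS))
    print(audit_http_exposure(GOOD_HTTP, GOOD_HTTPS))
    print(audit_http_exposure(None, GOOD_HTTPS))
```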

Small websites - openID instead of SSL? [closed]

I'll be using a shared Internet connexion starting this September at my school and I was wondering about what someone sniffing traffic with Wireshark may find there. I am not planning to do this myself but I feel I ought to know more about it if I want to sometimes work on my website during class.
Basically, isn't every non-SSL website that asks you for a password and an e-mail totally unsecure to log on on a shared connexion? When you know how many people use the same password for all their web/laptop/mobile accounts, it doesn't take long to get access to someone's all private data if you manage to sniff one password and e-mail.
As for me, I am already looking at how to secure my FTP connexions, but what about my users who log through HTTP? Unless I buy an SSL certificate (which I don't want, the site's too small), they are going to get more exposed to Wireshark sniffers all over the world, right? Isn't this where login tools such as OpenID become handy for small communities, since they do provide a free encryption of passwords?
OpenID and SSL are completely unrelated. OpenID's purpose is to consolidate and give ownership of a user's identity to the user, while SSL is used to keep a user's traffic with your site secret (encrypted). You can use OpenId to keep track of the user (like Stackoverflow does) and still not use SSL for the content pages.
