Scared Noob seeks guidance

[sandman_1]

sign up for a SSL server

Besides (possibly) some extra piece of mind and encryption overhead, what would SSL offer you? It's a nice touch, yes, but as long as your ISP can see the initial negotiation, they can potentially decrypt all the traffic. I'd say that if the idea here is just avoiding anti-P2P companies, an unencrypted connection to a trusted news server is enough.

Care to elaborate on that? Because I was under the impression that ALL traffic is encrypted. If it was so easy to get the data, I doubt banks or commercial interests would be using it, SSL.

[Expeto]

Admittedly a Uberkadoober Noob here, but when I signed up with Newshosting they claimed that all accounts had free ssl included. I changed the port to the default ssl port 563. Is there another step I'm supposed to take?

Ask you provider if there is an extra step or not. 563 is not the default ssl port, it is 443. But its a good thing that your provider uses a port other than the traditional, which adds more security. But don't forgot, main goal of SSL is improving security, not the privacy. Having a trusted news server is the most important thing.

[anon]

Care to elaborate on that? Because I was under the impression that ALL traffic is encrypted.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

[sandman_1]

Care to elaborate on that? Because I was under the impression that ALL traffic is encrypted.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Guess you didn't read the wiki because it says this:

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.

[anon]

Well, I've seen at least one successful SSL middleman attack in action - a content filter intercepting the data so that blocked Web sites would remain blocked even when accessed via HTTPS. A custom "this site has been blocked by X" page would be delivered instead of the site's content.

If that can be done, seeing what's encrypted "behind" SSL is also possible, and easier in comparison.

Some reading material on the issue I've been shown recently:
http://www.sonicwall.com/downloads/S...ure_Module.pdf
http://www.wired.com/threatlevel/201...ket-forensics/

[sandman_1]

Well, I've seen at least one successful SSL middleman attack in action - a content filter intercepting the data so that blocked Web sites would remain blocked even when accessed via HTTPS. A custom "this site has been blocked by X" page would be delivered instead of the site's content.

If that can be done, seeing what's encrypted "behind" SSL is also possible, and easier in comparison.

Some reading material on the issue I've been shown recently:
http://www.sonicwall.com/downloads/S...ure_Module.pdf
http://www.wired.com/threatlevel/201...ket-forensics/

Ok but you were saying that your ISP can decrypt the data and see what you are doing though not hackers.

[anon]

Your ISP can potentially see everything you send to, and receive from, the Internet. They have even more "liberty" than hackers, in that regard. However, it's not like they're all going to decrypt your traffic and snitch on you. 99.99% of the time you're already very safe using unencrypted Usenet, since there's no uploading involved.

[godofhell]

The reason i suggested SSL was that ISPs like Comcast have a search APP that checks the downloaded/uploaded content and if it detects something illegal it raises a flag. Then some HUMAM takes a look at it and generates a Cease and Desist letter. If you use SSL there is NO WAY that their APP will detect illegal activity and flag you as a potential LEECHER.

There are always ways around "software" encryption/security but in this case your ISP will not be able to know that you're downloading something that you're not supposed to, and that was the initial question. We were not talking about complete security, just security from your ISP.

[anon]

The reason i suggested SSL was that ISPs like Comcast have a search APP that checks the downloaded/uploaded content and if it detects something illegal it raises a flag. Then some HUMAM takes a look at it and generates a Cease and Desist letter. If you use SSL there is NO WAY that their APP will detect illegal activity and flag you as a potential LEECHER.

Isn't looking at their customers' traffic like that without a court order illegal or something?