↑ Return to SSL

L03 HTPP or HTPPS? and Proxies


Page no: L03

Page no: S17b

 

The follow is base for our discussion if snbchf will be HTTPS or remains HTTP like most WordPress blogs.

Here we speak about proxies and connections over proxies. Any connection over proxies implies that the IP is different from the Reverse IP.

Mobile browsing makes the remark “this site is not safe” for the https://snbchf.com/

 

Original page

 

Forum Regular
drew&venna's Avatar
Joined: May 2006
Location: Beautiful California
Posts: 88
drew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to alldrew&venna is a name known to all
Question Are proxy servers dangerous?

Hi, I posted this in another forum before discovering this one, just want to know if there are any dangers involved with using free proxy servers, from say http://www.proxy4free.com/page1.html

I am desperate to view stuff on BBC and ch.4.

thanks

drew&venna is offline

Old Jul 23rd 2008, 9:44 am   #2
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by drew&venna View Post

Hi, I posted this in another forum before discovering this one, just want to know if there are any dangers involved with using free proxy servers, from say http://www.proxy4free.com/page1.html

I am desperate to view stuff on BBC and ch.4.

thanks

Yes, as they are proxying [you make a connection to their server and they make a connection to the website you want to get to] your connection in theory they can see all the stuff that you can see, know where you are surfing to and can possibly even see passwords entered. In the US they are required by law to keep these records for a certain amount of time in case the feds want to look at them.

If you need to use a proxy pay for a SSL proxy which ensures that your data is encrypted.

ex_exile is offline
Old Jul 24th 2008, 1:15 am   #3
Not so super superslob
Moderator
Bob's Avatar
Joined: Aug 2004
Location: MA, USA
Posts: 87,446
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post

Yes, as they are proxying [you make a connection to their server and they make a connection to the website you want to get to] your connection in theory they can see all the stuff that you can see, know where you are surfing to and can possibly even see passwords entered. In the US they are required by law to keep these records for a certain amount of time in case the feds want to look at them.

If you need to use a proxy pay for a SSL proxy which ensures that your data is encrypted.

For the point of getting around being in the US, you wouldn’t be using a US based proxy ain’t way, so moot point.

Problem with free ones, they generally don’t have enough bandwidth, so okay for radio, but tend to be crap for tele streams, paid for ones tend to have enough bandwidth to make it work well…

__________________
When I was born I was so surprised I didn’t talk for a year and a half. ~ Gracie Allen
You can only be young once. But you can always be immature. ~ Dave BarryImmigrants should be tarred and feathered….Yes, I like it kinky.
Bob is offline
Old Jul 24th 2008, 1:34 am   #4
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by Bob View Post
For the point of getting around being in the US, you wouldn’t be using a US based proxy ain’t way, so moot point.

If you use a free proxy you dont always know where it is though do you

ex_exile is offline
Old Jul 24th 2008, 2:11 am   #5
Not so super superslob
Moderator
Bob's Avatar
Joined: Aug 2004
Location: MA, USA
Posts: 87,446
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post
If you use a free proxy you dont always know where it is though do you

Then you don’t use it…they usually say which country they are based in…

__________________
When I was born I was so surprised I didn’t talk for a year and a half. ~ Gracie Allen
You can only be young once. But you can always be immature. ~ Dave BarryImmigrants should be tarred and feathered….Yes, I like it kinky.
Bob is offline
Old Jul 24th 2008, 2:24 am   #6
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by Bob View Post
Then you don’t use it…they usually say which country they are based in…

And you’d trust them? I wouldnt. If you really want to know where they are you need to traceroute (or visual traceroute) to the proxy which is beyond most users knowledge.

So my advice is dont use them, why would you trust someone who is helping you circumvent the law? And thats basically why most people are using the proxies.

ex_exile is offline
Old Jul 24th 2008, 2:30 am   #7
Not so super superslob
Moderator
Bob's Avatar
Joined: Aug 2004
Location: MA, USA
Posts: 87,446
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post

And you’d trust them? I wouldnt. If you really want to know where they are you need to traceroute (or visual traceroute) to the proxy which is beyond most users knowledge.

So my advice is dont use them, why would you trust someone who is helping you circumvent the law? And thats basically why most people are using the proxies.

Well it becomes fairly obvious in this context, people wouldn’t use them if they were US based, based on the fact that they couldn’t connect to the content they want to use, and it’s only a grey area of the law…and plenty of people use them for none illegal means such as getting around a work/uni block of sites.

__________________
When I was born I was so surprised I didn’t talk for a year and a half. ~ Gracie Allen
You can only be young once. But you can always be immature. ~ Dave BarryImmigrants should be tarred and feathered….Yes, I like it kinky.
Bob is offline
Old Jul 24th 2008, 3:08 am   #8
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by Bob View Post
Well it becomes fairly obvious in this context, people wouldn’t use them if they were US based, based on the fact that they couldn’t connect to the content they want to use, and it’s only a grey area of the law…and plenty of people use them for none illegal means such as getting around a work/uni block of sites.

Well not really no. What they are trying to proxy wouldnt work from a US based proxy but as I say you wouldnt necessarly know it was US based until you tried it and it didnt work.

I dont think that you understand the phenomona or process of identity cloning and theft. People who use facebook and ebay through proxies are finding that their accounts are being used by imposters as an “in” to their identity from which various bad things start to happen, and who are you going to complain to about this, your friendly local or international anonomous proxy operator? Good luck with that, if they DONT hold logs there is no evidence that your were ever on their proxies in the first place.

They are dangerous Bob plain and simple.

ex_exile is offline
Old Jul 24th 2008, 3:21 am   #9
Riding on silver wings
ugacrew's Avatar
Joined: Oct 2007
Posts: 10,543
ugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Alright you two. I can see where this is going. Both of you state what your background is as to qualify your opinions on the matter and be done with it. (man I love being an instigator)
__________________
“Ad astra per espera” ~ To the stars through difficulties.
ugacrew is offline
Old Jul 24th 2008, 3:37 am   #10
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ugacrew View Post
Alright you two. I can see where this is going. Both of you state what your background is as to qualify your opinions on the matter and be done with it. (man I love being an instigator)

Come on ugacrew you know what I do for the internet but surfice to say I am currently logged in from a Cisco office, should really be configuring a Nexus 7000 (cool name for a switch) and a couple of 6500s’ but I am taking time off to to save the world from the evil that is anonomous proxies

ex_exile is offline
Old Jul 24th 2008, 3:38 am   #11
Riding on silver wings
ugacrew's Avatar
Joined: Oct 2007
Posts: 10,543
ugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post
Come on ugacrew you know what I do for the internet but surfice to say I am currently logged in from a Cisco office, should really be configuring a Nexus 7000 (cool name for a switch) and a couple of 6500s’ but I am taking time off to to save the world from the evil that is anonomous proxies.

Told you I was instigating Bob, your turn.

__________________
“Ad astra per espera” ~ To the stars through difficulties.
ugacrew is offline
Old Jul 24th 2008, 4:41 pm   #12
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Okay guys from the perspective of a Systems Administrator, I would have to say that using a proxy server is no more dangerous than using your local internet service provider. In both circumstances your internet traffic could be intercepted as it can be on any tcp/ip network.

Here’s the distingution, *YOU* decide what sites or services you are accessing with a proxy, and you just have to be mindful that any sites you visit which are not SSL encrypted (https://), that data could be intercepted or ‘sniffed’ and logged. Using a proxy does NOT magically allow the proxy operator to remote control your local PC, or give them any access to your personal data, nor does it allow them to use your computer to access other sites and in most cases your not going to be using a proxy to log in to an online banking website or any other sensative websites.

Problem is proxy’s are slow by nature, even without encryption, so it would not be wise to use a SSL encrypted proxy, as encryption adds ‘overhead’ and overhead slows down the connection even more because everything has to be encrypted packet by packet. And in the case of video, would cripple it sevearly.

So simply pick and choose what you use a proxy for, its not dangerous per se, but it is the end users responsibility to use it wisely.

Just by 2p…

ldobson is offline
Old Jul 24th 2008, 4:47 pm   #13
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post

Well not really no. What they are trying to proxy wouldnt work from a US based proxy but as I say you wouldnt necessarly know it was US based until you tried it and it didnt work.

I dont think that you understand the phenomona or process of identity cloning and theft. People who use facebook and ebay through proxies are finding that their accounts are being used by imposters as an “in” to their identity from which various bad things start to happen, and who are you going to complain to about this, your friendly local or international anonomous proxy operator? Good luck with that, if they DONT hold logs there is no evidence that your were ever on their proxies in the first place.

They are dangerous Bob plain and simple.

Honestly, I would have to question that. Even via a proxy, the computer authenticating with the website (ebay or facebook) would have to have a cookie with the authentication information, which is computer specific, not internet connectivity specific. The proxy connection alone will not give you access to these accounts, you would need access to a computer which has successfully authenticated with the website previously.

ldobson is offline
Old Jul 24th 2008, 8:29 pm   #14
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ldobson View Post
Honestly, I would have to question that. Even via a proxy, the computer authenticating with the website (ebay or facebook) would have to have a cookie with the authentication information, which is computer specific, not internet connectivity specific. The proxy connection alone will not give you access to these accounts, you would need access to a computer which has successfully authenticated with the website previously.

Thats just plain wrong! You do not need a cookie to “authenticate” (though they can be used to store user ID’s and passwords) to a website, cookies are used for tracking. If you did how would you authenticate first time? How are you able to log into Facebook from different computers??? Cookies are half the problem as they contain user information in plain text which is embeded in the html and hence easily accessed by anyone who happens to be proxying your connection.

Sure your ISP can and does log your activity but your ISP is a big company with a reputation and a physical entity that you can locate and sue if they screw with your identity.

ex_exile is offline
Old Jul 25th 2008, 1:14 am   #15
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post

Thats just plain wrong! You do not need a cookie to “authenticate” (though they can be used to store user ID’s and passwords) to a website, cookies are used for tracking. If you did how would you authenticate first time? How are you able to log into Facebook from different computers??? Cookies are half the problem as they contain user information in plain text which is embeded in the html and hence easily accessed by anyone who happens to be proxying your connection.

Sure your ISP can and does log your activity but your ISP is a big company with a reputation and a physical entity that you can locate and sue if they screw with your identity.

Right, the cookie is created the first time you log in to the site and can be used later for authentication theres nothing ‘plain wrong’ about it, that’s how websites function and you can have multiple cookies on mutple computers for the same account, however that does not instantly give a proxy that information, as most of these sites are posting to SSL encrypted API’s. For instamce try to log in to facebook, you will find the forms posts to a HTTPS encrypted URL.

Thread Tools
Old Jul 25th 2008, 2:04 am   #16
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ldobson View Post
Right, the cookie is created the first time you log in to the site and can be used later for authentication theres nothing ‘plain wrong’ about it, that’s how websites function and you can have multiple cookies on mutple computers for the same account, however that does not instantly give a proxy that information, as most of these sites are posting to SSL encrypted API’s. For instamce try to log in to facebook, you will find the forms posts to a HTTPS encrypted URL.

But you dont need a cookie to be able to log in do you, the cookie is created as part of the initial login process. You are also wrong about SSL…. Most websites are secured using TLS.

ex_exile is offline

Sponsored Links

Old Jul 25th 2008, 2:21 am   #17
Riding on silver wings
ugacrew's Avatar
Joined: Oct 2007
Posts: 10,543
ugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Let me add this to the fire. I was using a proxy service just out of experimentation. Of course since packets were going every which way it was slower than molasses on ice in the winter. At any rate I went to my online banking site. Well lo and behold I wasn’t able to log in. Some how or another the negotiation was hosed up. Here are my guesses as to why it terminated as it did. 1.) The authentication server was picking up misinformation based on what it was expecting from the destination. I’m thinking this invalidated the connection. Because of that I feel that the possibility of someone to hijack the session would have been futile at best. 2.) The proxy that I was using was most likely on the black list on their server that determines safe v. dangerous connections. That would be the same server that handles encrypted web traffic. The firewall definitions were not on the general web browser as I was able to get the homepage fired up and was able to enter my credentials from the site. 3.) The connection timed out.So those are my three guesses. It may or may not make you think a bit more. BTW, I don’t think that cookies are the issue. No one has discussed the use of certificates in the authentication process as well.
__________________
“Ad astra per espera” ~ To the stars through difficulties.
ugacrew is offline
Old Jul 25th 2008, 2:37 am   #18
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ugacrew View Post
Let me add this to the fire. I was using a proxy service just out of experimentation. Of course since packets were going every which way it was slower than molasses on ice in the winter. At any rate I went to my online banking site. Well lo and behold I wasn’t able to log in. Some how or another the negotiation was hosed up. Here are my guesses as to why it terminated as it did. 1.) The authentication server was picking up misinformation based on what it was expecting from the destination. I’m thinking this invalidated the connection. Because of that I feel that the possibility of someone to hijack the session would have been futile at best. 2.) The proxy that I was using was most likely on the black list on their server that determines safe v. dangerous connections. That would be the same server that handles encrypted web traffic. The firewall definitions were not on the general web browser as I was able to get the homepage fired up and was able to enter my credentials from the site. 3.) The connection timed out.So those are my three guesses. It may or may not make you think a bit more. BTW, I don’t think that cookies are the issue. No one has discussed the use of certificates in the authentication process as well.

Banks are now pretty good at picking up proxys, there are various ways to determine that you are surfing through a proxy; however because lots of workplaces have proxys banks cant just refuse to let connections through so

1) Probably, but because of a badly configured proxy
2) If it was advertised as a public proxy, yep it would have been blacklisted
3) Configuration, probably a port translation issue. If proxying by overloading an IP address the proxy may not have been able to reply on the correct port requested by your bank.

You used your own bank account? you like to live dangerously dont you ugacrew. Man in the middle attacks are real, they can and do happen.

ex_exile is offline
Old Jul 25th 2008, 2:41 am   #19
Riding on silver wings
ugacrew's Avatar
Joined: Oct 2007
Posts: 10,543
ugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond reputeugacrew has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post
Banks are now pretty good at picking up proxys, there are various ways to determine that you are surfing through a proxy; however because lots of workplaces have proxys banks cant just refuse to let connections through so1) Probably, but because of a badly configured proxy
2) If it was advertised as a public proxy, yep it would have been blacklisted
3) Configuration, probably a port translation issue. If proxying by overloading an IP address the proxy may not have been able to reply on the correct port requested by your bank.You used your own bank account? you like to live dangerously dont you ugacrew. Man in the middle attacks are real, they can and do happen.

Yup. I’m aware. I know. I was a muppet. However I don’t proxy any more. It takes toooooo flippin’ long to surf.

__________________
“Ad astra per espera” ~ To the stars through difficulties.
ugacrew is offline
Old Jul 25th 2008, 3:15 pm   #20
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ex_exile View Post
But you dont need a cookie to be able to log in do you, the cookie is created as part of the initial login process. You are also wrong about SSL…. Most websites are secured using TLS.

Correct you dont need a cookie to be able to login, the cookie is created after login (if the sites uses cookies). No all sites use cookies.

No No, really TLS is no longer used (old techbology), all Apache and IIS servers now use Secure Socket layer (SSL) and all certificates issuers only support SSL.

ldobson is offline
Old Jul 25th 2008, 3:24 pm   #21
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ugacrew View Post
Let me add this to the fire. I was using a proxy service just out of experimentation. Of course since packets were going every which way it was slower than molasses on ice in the winter. At any rate I went to my online banking site. Well lo and behold I wasn’t able to log in. Some how or another the negotiation was hosed up. Here are my guesses as to why it terminated as it did. 1.) The authentication server was picking up misinformation based on what it was expecting from the destination. I’m thinking this invalidated the connection. Because of that I feel that the possibility of someone to hijack the session would have been futile at best. 2.) The proxy that I was using was most likely on the black list on their server that determines safe v. dangerous connections. That would be the same server that handles encrypted web traffic. The firewall definitions were not on the general web browser as I was able to get the homepage fired up and was able to enter my credentials from the site. 3.) The connection timed out.So those are my three guesses. It may or may not make you think a bit more. BTW, I don’t think that cookies are the issue. No one has discussed the use of certificates in the authentication process as well.

Its possible the bank is using a firewall which has an ACL blacklist for known proxy providers, or perhaps due to network conditions the connection simply failed.

As far as SSL certificates, they really dont have anything to do with authentication, they simply are there to reassure the end user that a third party (ie verisign) has deemed that the site you are connecting to, is in fact what they claim to be, rather than a ‘phishing’ site. SSL (Secure Socket Layer) on a https:// connection is what encrypts the communication, usually with 128 bit encryption, you can either sign your own certificate using openssl or you can purchase a certificate from verisign or some other third party for a few. personally we use geotrust, who provide us 128 bit SSL certs that we use on all our websites.

ldobson is offline
Old Jul 25th 2008, 3:34 pm   #22
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ugacrew View Post
Yup. I’m aware. I know. I was a muppet. However I don’t proxy any more. It takes toooooo flippin’ long to surf.

Yeah probably not a great idea accessing sensative sites using a proxy, but as long as it was a SSL encrypted site (ie; https:// and most banks are), if someone was sniffing the connection, they would be unable to decrypt the data even though it could be logged. If it was not SSL secured then yes, they could log all HTTP traffic passing between the site.

I doubt there are many banks who are not encrypting their sites.

ldobson is offline
Old Jul 25th 2008, 4:30 pm   #23
Lost in BE Cyberspace
Joined: Feb 2004
Posts: 12,053
anotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond reputeanotherlimey has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ldobson View Post
No No, really TLS is no longer used (old techbology), all Apache and IIS servers now use Secure Socket layer (SSL) and all certificates issuers only support SSL.

No, no, really it’s not!

__________________
Last seen kicking your arse.Been to Disney? Loved Orlando? Want to move to the US? This is for you.
anotherlimey is offline
Old Jul 25th 2008, 5:39 pm   #24
Forum Regular
Joined: Jul 2008
Location: York, PA
Posts: 121
ldobson will become famous soon enough
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by anotherlimey View Post
No, no, really it’s not!

Alright, Dual at dawn! We`ll settle this then

ldobson is offline
Old Jul 25th 2008, 10:37 pm   #25
You call that a moustache
ex_exile's Avatar
Joined: Sep 2006
Location: Heading West..
Posts: 2,060
ex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond reputeex_exile has a reputation beyond repute
Default Re: Are proxy servers dangerous?

Quote:
Originally Posted by ldobson View Post
No No, really TLS is no longer used (old techbology), all Apache and IIS servers now use Secure Socket layer (SSL) and all certificates issuers only support SSL.

HTTPS security is still refered to as SSL by people who dont know any better but its not, its been TLS for a loooooooong time. SSL was based on SHA and MD5 hash functions which were found to be breakable so it was deprecated by the IETF and replaced with TLS.

ex_exile is offline
See more for SSL