Bob Mottram 11 years ago
parent
commit
f45ca4e2db
1 changed file with 6 additions and 1 deletion
beaglebone.txt

132
 #+END_SRC
132
 #+END_SRC
133
 *** Passwords
133
 *** Passwords
134
 It's highly recommended that you use a password manager, such as KeepassX, and make all your passwords long random strings.  It's also a good idea to use different passwords for different pieces of software, instead of one or two passwords for the whole system.  That compartmentalises the security such that even if an attacker gains access to one system they can't necessarily get access to others.
134
 It's highly recommended that you use a password manager, such as KeepassX, and make all your passwords long random strings.  It's also a good idea to use different passwords for different pieces of software, instead of one or two passwords for the whole system.  That compartmentalises the security such that even if an attacker gains access to one system they can't necessarily get access to others.
135
+*** HTTPS
136
+Throughout these instructions self signed SSL certificates are used to implement access to web pages via HTTPS.  The whole HTTPS security model upon which much of the internet currently rests seems broken in that it usually depends upon "trusted certificate authorities" who are not really trusted, except perhaps by the maintainers of certain web browser software.  So all that HTTPS really guarantees is that you have an encrypted connection, but an encrypted connection /to who/ can be subject to doubt.  As was seen in 2013 with the [[https://www.schneier.com/essay-455.html][information coming from Edward Snowden]], and also the [[http://en.wikipedia.org/wiki/Lavabit][Lavabit email service]], it's possible for companies/organisations to be compromised or bribed and SSL private keys for all users can be demanded using gagging orders or secret laws without any individual user ever being able to know that their communications is no longer secure..
137
+
138
+Not knowing who you're really connecting to is especially true for self-signed certificates, so it is in principle possible that when logging into a site with a username and password a system such as [[http://arstechnica.com/tech-policy/2013/11/uk-spies-continue-quantum-insert-attack-via-linkedin-slashdot-pages/][Quantum Insert]], or a compromised [[http://en.wikipedia.org/wiki/Domain_Name_System][DNS service]], could be used to direct the user to a fake copy of the login screen for the purposes of obtaining their login details.  While this doesn't seem to be a major problem at the time of writing it's something to keep in mind.  So if you can't log in or if you log in and what you see doesn't look like your site then it's possible that such a compromise could have taken place.  Using a password manager with different login details for each site is one way to ensure that if one system is compromised then the attacker can't necessarily get access to all your other stuff.
135
 ** Initial
139
 ** Initial
140
+
136
 Plug the microSD card into the BBB and Connect the USB cable to your laptop/desktop, then login via ssh.
141
 Plug the microSD card into the BBB and Connect the USB cable to your laptop/desktop, then login via ssh.
137
 
142
 
138
 #+BEGIN_SRC: bash
143
 #+BEGIN_SRC: bash
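Review bot: The added HTTPS section says self-signed certificates are used and that a fake login page is possible, but it gives readers no way to check which server they actually reached. Consider adding a step that records the certificate fingerprint when the certificate is generated and compares it with what the browser shows on first connection, because "if you can't log in or if you log in and what you see doesn't look like your site" is only an after-the-fact signal. In the same section, "to who" should be "to whom", "their communications is" should be "their communications are", and the first paragraph ends in "secure..". The closing sentence about password managers repeats the Passwords section directly above and could be reduced to a cross-reference. The blank line added after "** Initial" is unrelated to this section.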
906
 ** Setting up a web site
911
 ** Setting up a web site
907
 
912
 
908
 #+BEGIN_VERSE
913
 #+BEGIN_VERSE
909
-/I hope we will use the Net to cross barriers and connect cultures./
914
+/It's important to have the geek community as a whole think about its responsibility and what it can do. We need various alternative voices pushing back on conventional government sometimes./
910
 
915
 
911
 -- Tim Berners-Lee
916
 -- Tim Berners-Lee
912
 #+END_VERSE
917
 #+END_VERSE
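Review bot: The replacement quote in the VERSE block keeps the "-- Tim Berners-Lee" attribution, but the change gives no source for the new wording; add a link or citation so the attribution can be checked. This edit is also unrelated to the HTTPS section added in the first hunk, so it would be cleaner as its own commit.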