HTTPS (SSL TLS or.. YEAH)

Post Reply
N0PKT
Posts: 17
Joined: Thu Apr 13, 2017 5:45 pm

HTTPS (SSL TLS or.. YEAH)

Post by N0PKT » Fri Jun 23, 2017 2:53 am

Re-opening this one, never saw any kind of a response really... but it should be fairly trivial to enable https using a self signed certificate or set it up as an option after initial setup...

Again, I realize that this is not a critical piece of hardware, but it falls into the "IoT" and when bad guys are using refrigerators and other "IoT" devices to perpetrate evil, I would rather err on the side of caution than have my OpenSpot used for nefarious things such as:
http://www.popularmechanics.com/technol ... os-attack/
:mrgreen:

milehigher
Posts: 74
Joined: Fri Jan 13, 2017 4:27 am

Re: HTTPS (SSL TLS or.. YEAH)

Post by milehigher » Wed Jun 28, 2017 7:47 am

Why not do something smart like unplug it when not in use!

Sent from my SM-T810 using Tapatalk


N0PKT
Posts: 17
Joined: Thu Apr 13, 2017 5:45 pm

Re: HTTPS (SSL TLS or.. YEAH)

Post by N0PKT » Fri Jul 07, 2017 4:35 pm

Great in theory, but I use my OpenSpot regularly, including on unsecured networks to get access... What you suggest is effectively security by obscurity and has been proven time and time and...wait for it.... time again to be ineffective...

N0PKT
Posts: 17
Joined: Thu Apr 13, 2017 5:45 pm

Re: HTTPS (SSL TLS or.. YEAH)

Post by N0PKT » Tue Oct 03, 2017 8:47 pm

Bump

EI5HPB
Posts: 2
Joined: Fri Sep 29, 2017 10:21 pm

Re: HTTPS (SSL TLS or.. YEAH)

Post by EI5HPB » Thu Oct 05, 2017 5:44 pm

I have a question, what confidential information do you have on your OpenSPOT?

Also you do realize that the IoT DDoS had nothing to do with SSL encryption or not right?

N0PKT
Posts: 17
Joined: Thu Apr 13, 2017 5:45 pm

Re: HTTPS (SSL TLS or.. YEAH)

Post by N0PKT » Fri Oct 06, 2017 3:41 pm

I am aware that the IoT had nothing to do with SSL indeed. This said security is something that should be considered as a whole is the point that I poorly articulated. And the only confidential information that I send is the authentication password. When I use my openspot on a public network I would prefer that someone not be able to trivially intercept my password if I authenticate and then in turn be able to get into the openspot's administrative interface.

It should be trivial to implement SSL; just about every single programming language these days already has a library (or module) that makes this a very straightforward process, from Perl to GoLang to C and beyond....

kc8dhy
Posts: 3
Joined: Tue May 23, 2017 5:56 pm

Re: HTTPS (SSL TLS or.. YEAH)

Post by kc8dhy » Thu Oct 26, 2017 3:02 am

I will +1 this, I think it's valuable to have a secure option. At the very least I'd wager there are lots of people who set their password as the same thing for everything. That alone plugged in to a hotel network while traveling could result in some bad things.

Post Reply