Kevin Mitnick once said in his book, The Art of Deception: Controlling the Human Element of Security:
When trusted employees are deceived, influenced, or manipulated into revealing sensitive information, or performing actions that create a security hole for the attacker to slip through, no technology in the world can protect a business.
I read an interesting story in one article of 2600: The Hacker Quarterly a while ago. The author, who goes by the name Xyzzy narrated his experience about the security holes he came across at Time Warner Cable.
It all began when a schedule was set to fix intermittent downtime on Xyzzy’s cable Internet connection. To his amazement, the technician sat down at his laptop and started checking if his connection is already fixed. Apparently, the technician used a Web browser and opened a URL that’s exclusively used by his company. He then logged on to the page (using his username and password) to check his customer’s status. Afterwards, he closed the browser window and confirmed that the connection was already fixed.
With the recent updates on the Firefox and Opera Web browsers, I wonder which among the popular browsers is the most secure. Secunia has a huge repository of security advisories on a variety of software and what better way to check on the vulnerabilities of Web browsers than to visit the Website? However, it would take me some time and effort to find those specific vulnerabilities considering that Secunia is a huge repository.
I recently read an article from the spring issue of 2600 about avoiding Internet filtering. This method by Major Lump was one I haven’t tried before. I’ve gone through anonymous Web surfing sites such as PageWash or those which give you a list of anonymous proxies or even retrieving sites through e-mail but I haven’t tried the SSL way of accessing blocked Websites.
So how exactly do you access blocked Websites the SSL way? Read on.
