Mixed content weakens HTTPS fix9 (#619)

Mixed content weakens HTTPS
Requesting subresources using the insecure HTTP protocol weakens the security of the entire page, as these requests are vulnerable to man-in-the-middle attacks, where an attacker eavesdrops on a network connection and views or modifies the communication between two parties. Using these resources, an attacker can often take complete control over the page, not just the compromised resource.

Although many browsers report mixed content warnings to the user, by the time this happens, it is too late: the insecure requests have already been performed and the security of the page is compromised. This scenario is, unfortunately, quite common on the web, which is why browsers can't just block all mixed requests without restricting the functionality of many sites.
Udit Patel 2018-06-11 01:17:29 +05:30 committed by Thomas Zarebczan
parent 965f386fb6
commit 84340c1e4c

@ -4,9 +4,9 @@ title: The DMCA's Chilling Effect on Security Research and Innovation
date: '2016-01-14 16:31:51'
---
You walk into a Barnes and Noble, pick up a copy of *[Look Me in the Eye](http://www.amazon.com/Look-Me-Eye-Life-Aspergers/dp/0307396185)*, hand the cashier money, and leave the store. The book now belongs to you, right? Of course, it does. You are free to write notes in the margins, sell it second-hand to a friend, or even rip it up if you felt so inclined. What you cant do is copy portions of it and claim them as your own work; you own your copy of the book, but not the copyright.
You walk into a Barnes and Noble, pick up a copy of *[Look Me in the Eye](https://www.amazon.com/Look-Me-Eye-Life-Aspergers/dp/0307396185)*, hand the cashier money, and leave the store. The book now belongs to you, right? Of course, it does. You are free to write notes in the margins, sell it second-hand to a friend, or even rip it up if you felt so inclined. What you cant do is copy portions of it and claim them as your own work; you own your copy of the book, but not the copyright.
<p style="text-align: center;"><img src="http://i.imgur.com/9n0MQwP.jpg" alt="The Battle of Copyright"></p>
<p style="text-align: center;"><img src="https://i.imgur.com/9n0MQwP.jpg" alt="The Battle of Copyright"></p>
This is pretty straightforward and doesnt violate most peoples understanding of copyright and ownership. But let's say you skipped the Barnes and Noble and instead went to Walmart to buy a Sony PS3. Is it any different? Actually it is.
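Review bot: only the `<img src>` change in this hunk actually resolves mixed content; the `*[Look Me in the Eye](...)*` link is something the reader clicks, not a subresource the browser fetches with the page, so it was never flagged as mixed content. Upgrading it is still worthwhile (the reader leaves the page over TLS instead of depending on a redirect), but the commit message should distinguish the image as the mixed-content fix from the link change as general HTTPS cleanup. It is also worth confirming that `https://i.imgur.com/9n0MQwP.jpg` serves the image directly rather than redirecting, since a redirect back to `http://` would reintroduce the warning.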
@ -14,9 +14,9 @@ When the PS3 was released, many tech enthusiasts were eager to buy such a powerf
Copyright has gone far beyond its original intent and beyond how most people understand it to work. Instead of being used to prevent copying, it is now also used to prevent modification even if there is no commercial angle to the modification and the only purpose is better satisfying the desires of the owner. Maybe taking notes in the margin of your favorite book isnt so clearly legal after all; the fact that such an argument could be made demonstrates the ridiculousness of the DMCA and how it hurts customers.
Auto manufacturers have exploited the you-own-what-you-buy-except-for-when-we-dont-like-how-you-use-it DMCA too. Want to reprogram your cars engine control unit? You might be violating the DMCA. Really, any work done on the electronics in a car risks violating the DMCA. This exposed tinkerers and independent shops alike to a tremendous risk, leaving official dealerships as the only safe route for these repairs. But fret not, all of that changed this past fall. In a first, [the government has issued an exception to the DMCA](http://stfi.re/dbgdwo) to explicitly allow tinkering with automotive electronics and software.
Auto manufacturers have exploited the you-own-what-you-buy-except-for-when-we-dont-like-how-you-use-it DMCA too. Want to reprogram your cars engine control unit? You might be violating the DMCA. Really, any work done on the electronics in a car risks violating the DMCA. This exposed tinkerers and independent shops alike to a tremendous risk, leaving official dealerships as the only safe route for these repairs. But fret not, all of that changed this past fall. In a first, [the government has issued an exception to the DMCA](https://stfi.re/dbgdwo) to explicitly allow tinkering with automotive electronics and software.
So what pushed the government to do this? In large part, it was the recent Volkswagen scandal. The Electronic Frontier Foundation (EFF) [argued that the DMCA had prevented independent shops and tinkerers from testing and identifying VWs deception](http://stfi.re/beoyap) for years and the government listened. That said, its a real shame that it takes a very public deception being uncovered to change the law. And it raises the question how much deception, negligence, and incompetence is still being covered up in all of the areas without a DMCA exemption? Dont expect an answer, because as the EFF has pointed out, the DMCA has a chilling effect on security research.
So what pushed the government to do this? In large part, it was the recent Volkswagen scandal. The Electronic Frontier Foundation (EFF) [argued that the DMCA had prevented independent shops and tinkerers from testing and identifying VWs deception](https://stfi.re/beoyap) for years and the government listened. That said, its a real shame that it takes a very public deception being uncovered to change the law. And it raises the question how much deception, negligence, and incompetence is still being covered up in all of the areas without a DMCA exemption? Dont expect an answer, because as the EFF has pointed out, the DMCA has a chilling effect on security research.
Researchers of both the academic and DIY types steer clear of looking for such problems, because by finding them they may violate the DMCA and come under legal pressure. That means the only major efforts to root out security vulnerabilities and misrepresentations are under the table, and the hackers doing such work dont tend to have the good of the public in mind.
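Review bot: neither change in this hunk touches a subresource, so these lines were not mixed content in the sense the commit message describes; both `stfi.re` URLs are links the reader follows, and their short opaque paths (`/dbgdwo`, `/beoyap`) suggest shortener redirects. Switching the scheme only protects the first hop to the shortener; the scheme of the final destination is outside this patch's control. Consider replacing the shortened links with the direct URLs of the exemption notice and the EFF article so readers and link checkers can see where they land and over which protocol.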