From users-return-4052-daniel=haxx.se@subversion.apache.org Mon Aug 2 18:01:47 2010 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on giant.haxx.se X-Spam-Level: X-Spam-Status: No, score=-1.5 required=3.0 tests=BAYES_00,FREEMAIL_FROM, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with SMTP id o72G1jAq022237 for ; Mon, 2 Aug 2010 18:01:46 +0200 Received: (qmail 70515 invoked by uid 500); 2 Aug 2010 16:01:36 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 70504 invoked by uid 99); 2 Aug 2010 16:01:36 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Aug 2010 16:01:36 +0000 X-ASF-Spam-Status: No, hits=2.5 required=10.0 tests=FREEMAIL_FROM,FREEMAIL_REPLY,RCVD_IN_DNSWL_NONE,SPF_PASS Received-SPF: pass (athena.apache.org: domain of istace.emmanuel@hotmail.com designates 65.55.90.144 as permitted sender) Received: from [65.55.90.144] (HELO snt0-omc3-s5.snt0.hotmail.com) (65.55.90.144) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Aug 2010 16:01:30 +0000 Received: from SNT104-DS9 ([65.55.90.136]) by snt0-omc3-s5.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 2 Aug 2010 09:01:09 -0700 X-Originating-IP: [81.240.50.97] X-Originating-Email: [istace.emmanuel@hotmail.com] Message-ID: From: "Istace Emmanuel" To: "'Les Mikesell'" CC: References: <63382D15-E37D-4E62-8525-ADFFB6327942@ryandesign.com> <9B21F0BBE52BF74DBA71AB889C021DD702FB4315@exisland01.omnifone.com> <004a01cb3241$59243800$0b6ca800$@gmail.com> <006101cb3255$96f26cb0$c4d74610$@gmail.com> In-Reply-To: <006101cb3255$96f26cb0$c4d74610$@gmail.com> Subject: RE: SVN "Relay" Date: Mon, 2 Aug 2010 18:01:06 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQFj9Ca9F9mc29DzENGThWPAXDPlegK6x0qOAqgYyo0ByitWjAEXQEXaAZ5+eRABcwPspALNQOTKATQ/3LGTIhM5oA== Content-Language: fr-be X-OriginalArrivalTime: 02 Aug 2010 16:01:09.0032 (UTC) FILETIME=[EBD6B280:01CB325B] X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Mon, 02 Aug 2010 18:01:46 +0200 (CEST) X-Friend: Nope " Can you point me to something specific?" No problem, here a video (the "fun" side) : http://www.youtube.com/watch?v=3DAak6-B3JORE An article : http://forums.remote-exploit.org/tutorials-guides/19852-ssl-spoof-using-w= ire shark-decode-ssl-packets.html "If you are concerned about your service provider maybe you should use someone else - or a service that lets you run your own system images = where you could set up a blowfish-based vpn." I haven't choose that :( But as i say, it's a temporary solution -----Message d'origine----- De=A0: Les Mikesell [mailto:lesmikesell@gmail.com]=20 Envoy=E9=A0: lundi 2 ao=FBt 2010 17:07 =C0=A0: users@subversion.apache.org Objet=A0: Re: SVN "Relay" On 8/2/2010 8:56 AM, Istace Emmanuel wrote: > " Should I be worried about banking transactions or credit card = orders?" > Yeah :( > > " You could use any kind of VPN you want with the remote site. Use an = > IPSEC tunnel between hosts if you don't trust SSL. Or OpenVPN with blowfish." > No, because the SVN is on a SaaS cloud, so we just have access to the=20 > service and not the system. So we can't install a VPN server and=20 > remember, vpn and ipsec use SSL. Search on google about SSL Spoofing=20 > ;) Can you point me to something specific? I see things about spoofing = some other site's certificate and some things about specific implementations being subject to man-in-the-middle attacks but nothing that looks like a generic weakness. If you are concerned about your service provider (who would have the best opportunity to arrange a man-in-the-middle = connection), maybe you should use someone else - or a service that lets you run your = own system images where you could set up a blowfish-based vpn. -- Les Mikesell lesmikesell@gmail.com