Raceism, specifically centering around skin colour and related features, is actually pretty recent and pretty Western.
If I may take a guess, it's also because up until historically recently, larger groups of ethnicities didn't know that other such groups existed. To be racist, you need to be aware of people you'd clarify as another race
Das Problem, das ich hier immer sehe, ist, dass hier die Illusion aufgebaut wird, Email könnte irgendwie ein sicheres Protokoll sein. Immerhin hat das BSI z.B. Gmail die perfekte 5/7 gegeben! Oder mit weniger Witz, web.de 7/7. Nirgendwo in dem Text lese ich, dass Email nicht genutzt werden sollte, wenn es um wirklich sicher zu haltende Daten geht.
Dazu kommt noch, dass der Test, den das BSI hier macht, aus meiner Sicht zum Teil gar nicht relevant ist:
E-Mails sind immer noch der beliebteste Angriffsweg für viele gängige Methoden der Cyberkriminalität. Täter versuchen, mit Phishing-Mails Daten zu erbeuten und Schadsoftware zu verteilen. Sie fangen E-Mails auf dem Weg von Ihrem E-Mail-Postfach zum Empfänger ab - ähnlich wie ein Brief, der während der Zustellung geöffnet werden könnte. Nicht zuletzt verwenden Cyberkriminelle gestohlene Zugangsdaten, um sich in Accounts einzuloggen, mit denen sie Daten und Geld beschaffen, online betrügen oder weitere Straftaten begehen.
Meines Erachtens nach ist der gängigste Weg, dass sich Zugriff zur internen IT verschafft wird und dann E-Mail-Konten von Firmen gekapert werden. Auch Phishing lässt sich mit den Methoden nicht komplett verhindern, was aber ein Problem ist, das alle Protokolle haben, die Nachrichten von beliebiger Quelle erlauben. Das tatsächliche Abfangen von Mails wird sich allerdings für die meisten gewöhnlichen Kriminellen als schwierig erweisen. Nur die Absicherung von Accounts z.B. mit Hardware-Token ist wirklich etwas, was tatsächlich Sicherheit bringt.
Die Absicherung von E-Mail auf dem Transportweg ist ein Securitytheater. Es kann prinzipiell nicht funktionieren. Wenn man Mails so behandelt, ist das auch OK. Aktionen wie diese hier tragen aber zum Gegenteil bei.
Meine Meinung zu Mail ist, dass das eh ein kaputtes Protokoll ist, das zu einer Zeit entstanden ist, als man es noch nicht besser wissen konnte. Alle zusätzlichen Maßnahmen sind letztendlich nur Lippenstift am Schwein, man bekommt das Protokoll nicht Ende-zu-Ende sicher nach heutigen Maßstäben.
Witzigerweise wird ja aber dann für sicherheitsrevelante Dinge zum Teil auf noch unsichere Wege zurückgegriffen, wie z.B. SMS.
Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it's all encrypted.
I never said it isn't, but it's done using symmetric crypto, not public key (asymmetric) crypto.
Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned).
Not anymore, this was only true for RSA key exchange, which was deprecated in TLS 1.2 ("Clients MUST NOT offer and servers MUST NOT select RSA cipher suites"). All current suites use ephemeral Diffie-Hellman over elliptic curves for key agreement (also called key exchange, but I find the term somewhat misleading).
As long as that key was transferred securely and uses a good mode like CBC, an attacker ain't messing with what's in there.
First, CBC isn't a good mode for multiple reasons, one being performance on the encrypting side, but the other one being the exact reason you're taking about: it is in fact malleable and as such insecure without authentication (though you can use a CMAC, as long as you use a different key). See https://pdf-insecurity.org/encryption/cbc-malleability.html for one example where this exact property is exploited ("Any document format using CBC for encryption is potentially vulnerable to CBC gadgets if a known plaintext is a given, and no integrity protection is applied to the ciphertext.")
As I wrote in my comment, I was a bit pedantic, because what was stated was that encryption protects the authenticity, and I explained that, while TLS protects all aspects of data security, it's encryption doesn't cover the authenticity.
Anyhow, the point is rather moot because I'm pretty sure they won't get a certificate for the IP anyways.
Public key crypto, properly implemented, does prevent MITM attacks.
It does, but modern public key crypto doesn't encrypt any client data (RSA key exchange was the only one to my knowledge). It also only verifies the certificates, and the topic was about payload data (i.e. the site you want to view), which asymmetric crypto doesn't deal with for performance reasons.
My post was not about "does TLS prevent undetected data manipulation" (it does), but rather if it's the encryption that is responsible for it (it's not unless you put AES-GCM into that umbrella term).
Let's Encrypt are rolling out IP-based certs, you may wanna follow its development. I'm not sure if it could be used for your forwarded VPN port, but it'd be nice anyhow
It shouldn't be because you're not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.
I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware
No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn't been transported tampered with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.
Edit: this post is a bit pedantic because any scheme that is relevant for LE certificates covers authenticity protection. But it's not the encryption part of those schemes that is responsible.
What surely is interesting is that Microsoft was somehow somewhat visionary with their usage of browser technology for the desktop. We see Windows Update running in the browser, there was Active Platform which included Active Desktop (very prone to crashes), they had ActiveX (shudder). In a way all ideas they abandoned but that were implemented somewhere else later and better. Not saying these ideas were good.
Getting retroactively jealous here. I was in 56 kbit/s until ADSL hit. But hey, had full duplex gigabit Ethernet Internet at University from 2007 until 2011 to make up for it. It's never been the same since
2.5MB in 14 seconds, don't think I've seen such a high download speed on Windows 9X in my life
I don't miss those times, the 9X series was so bad, MS was right to ditch it after canning ME. Bluescreens, a shitty filesystem, no concept of security, dll hell, every time someone comes along with "remember how simple / great computing was back in the day" I want to scream in their face
I guess they think that no matter what happens, they can spin it in a positive light.
A reaction from affected countries: "See? We knew Ukraine is controlled by NATO powers, they operate within Ukrainian borders! We must continue and fight the threat!"
No reaction: "See? They know that Russia has the superior military! They don't date to strike anyways, we can continue in Ukraine without them retaliating!"
Of course, both these statements are dumb, but they'll use something like these for internal consumption.
If I may take a guess, it's also because up until historically recently, larger groups of ethnicities didn't know that other such groups existed. To be racist, you need to be aware of people you'd clarify as another race