Quote:
Originally Posted by hidden.platypus
Hi @BR. Figured you would show up eventually.
Ran the hashes early this morning. No matter what I do, I can't download 2.1 64 bit.
On a related note, does anyone know who owns calibre-ebook.com and if it has a https variant?
|
Yep, fair to think that Kovid owns calibre-ebook.com
.
The https site does exist. You will get an untrusted certificate error, as Kovid seems to have assigned himself his certificate, but it exists and will encrypt your traffic.
Quote:
Originally Posted by hidden.platypus
@eschwartz: the OP states he's in Australia. I am not. Relatively sure we don't share the same ISP. Possible that our ISPs use the same practices/routines but. . . I doubt it.
Unless the attacker that's MITM-ing me (or my ISP) is very good I would have detected the attack. I polled a server outside of my ISP to check certificates of some of the sites I visit. I'm not being fed faulty information. Or if I am being fed faulty information, the attacker is being extremely selective.
Doesn't mean I'm not being middled, but if I am . . . you would think they would have a higher priority than calibre.
Wouldn't be a very good vector for anyone attacking me. I only use it to organize my ebook collection. I don't use it to download books. Calibre is almost never running. When it is, I'm using it to add a new e-book, or transfer one from Calibre to my e-reader. Far and away, the calibre-related executable that runs most often on my machine is the installer for whatever version update. I update randomly. Sometimes months go by before I do. So, to make a long story short, Calibre would make one of the worst possible vectors for an attack on me.
I installed/updated 4 other pieces of software today. Had no issues with any of them.
|
I doubt it is a MITM, ISPs have been known to do it as have businesses. All the time.
It would be a transparent proxy, see:
http://en.wikipedia.org/wiki/Proxy_s...nsparent_proxy
Using HTTPS should be enough to get around it -- if that is indeed the problem.