Added ‘over SSL’ version in response to the ‘Telnet’ ad thread, ‘Yanke plain text’ referred to Yajima no Mori-Mado no Mori

Yesterday, you mentioned that Internet Technology and Internet Freedom Research Institute’s online advertisements are being made using “Telnet”, but there seems to be a complaint that it’s a “plain text connection even though it claims security”. In response, it appears that a “TELNET over SSL” version was issued immediately.

It seems that TELNET’s electronic announcement finally released TELNETS (TELNET over SSL) today in response to the voice saying “TELNET is dangerous because it is not encrypted”.

opens s_client -connecthttps://t.co/FFDjjLWa3E

It looks like you can connect via SSL.pic.twitter.com/Lso2Zo68Xh

– Daewoo Nobori (@dnobori)September 6, 2023

Install “OpenSSL” to view electronic public notices of the “TELNET over SSL” version.

“OpenSSL” is required to view the “TELNET over SSL” version of electronic public notifications in Windows 11 environment. Type the following command in Command Prompt etc. and quickly install it.

By the way, “winget” is a command from the Windows Package Manager for the Windows platform developed by Microsoft. It’s easy to install different apps with a single command like this.

“winget” can be used without administrator privileges, but in this case, be aware that a UAC dialog will be displayed when installing a package (application). The downloaded “OpenSSL” package isBinaries distributed with “Shining Light Productions”. Although not provided by the OpenSSL project itself, it is a widely used distro and appears to be quite reliable.

After the installation of “OpenSSL” is complete, find “Win64 OpenSSL Command Prompt” from the OpenSSL command prompt screen[ابدأ]And turn it on. Go to the installation folder (C:\Program Files\OpenSSL-Win64\bin) using Command Prompt or pass the path to the folder (folder history in[المسار]for the environment variable) and open “openssl.exe” directly. However, if the version, etc. is displayed, then “OpenSSL” is installed correctly.

Locate and run “Win64 OpenSSL Command Prompt”.

After making sure that OpenSSL can start, change the code page to UTF-8. This is because electronic public notices are delivered in “UTF-8” encoding. The default value of “Command Prompt” is “Shift JIS” encoding, so you need to change it to display without garbled characters.

All you have to do is connect to “koukoku.shadan.open.ad.jp” with the “OpenSSL” client (s_client).

openssl s_client -connect koukoku.shadan.open.ad.jp:992

Rewrite the code page and use “openssl s_client -connect”

However, according to the Cyber ​​Technology and Internet Freedom Study Group, in response to the pointing out that “Telnet is plain text and the communication path is unencrypted, there is a security vulnerability (man-in-the-middle attack fear”) that the contents of the communication can be tampered with.” It’s not ‘reasonable’. .

This is because no matter how well it is protected by server certificates and encryption, the core of the Internet is nothing more than a bucket brigade “roughly composed of a gentleman’s agreement trust model”, and attacks such as BGP hijacking cannot be prevented. In other words, “Telnet” and “HTTPS” can be manipulated. HTTPS, where anything can be posted, can lead to client hijacking if the content is tampered with, but Telnet, which uses only plain text, has no such fear.

In addition, the study group has responded to each point that users have referred to as “appendices”, and at the time of writing the number of appendices has increased to eight (in the case of the “TELNET over SSL” version).

1. Reply to the point Telnet may also have vulnerabilities (09/01/2023 (Mon))
2. Telnet is plain text, the answer to the point where TLS encryption should be done (09/05/2023 (Tuesday) 14:20)
3. Answer to the question of whether content should be delivered in plain text even over HTTP/HTTPS connections (09/05/2023 (Tuesday) 19:15)
4. The first released Telnet server uses the “Shift JIS” character code, but the answer to the point should use “UTF-8” (2023/09/05 (Tuesday) 20:45)
5. Response to the objection to the need to use the Gopher protocol (09/05/2023 (Tuesday) 21:13)
6. When I picked up a packet from the Telnet distribution server, I found that only one TCP packet was used per character. /05 (Tuesday) 22:20)
7. Answer to the problem of attaching an access counter to the electronic public notification, but if there are users posting screenshots on SNS, it is possible to determine the IP address by comparing it to the log (09/06/2023 (Wed) 06:15)
8. Respond to Complaint of System Alert When Connecting to “Telnet” (09/06/2023 (Wed) 07:34)

It takes a lot of time to view all of them, but it is very interesting, so please check it out with your own eyes.