Comments on: Nokia Xpress Browser servers found to decrypt HTTPS traffic, an update issued

By: Ahmed Mustafa Nematallah

Ahmed Mustafa Nematallah — Mon, 14 Jan 2013 13:49:00 +0000

well, think about it, the browser doesn’t use SSL at all, it’s nokia’s servers that do during the connection with the website, but when connecting to you, it’s insecure, that’s the problem, nokia’s servers MUST decrypt the message before sending it to you in order to be able to compress it, it’s not a real browser, it’s a special browser that doesn’t work with HTTP, HTML, SSL, FTP or any web standards, it mainly deals with some compressed format that nokia makes (and I think it’s prerendered too), so simply

You——->Nokia’s server (not SSL, a missing feature in nokia’s browser)

Nokia’s server——>website (Encrypted, because that’s the real connection, the one that relies on web standards)

to make it even simpler it’s like downloading a webpage on your computer then copying it to your mobile phone, so the computer’s connection to the server is encrypted, but the connection between the mobile phone and the computer isn’t

BTW what would nokia do with your data, they don’t sell it to advertisers like google and facebook

By: DumbFurfag

DumbFurfag — Sun, 13 Jan 2013 21:29:00 +0000

Yes, they don’t literally “crack” it. I should have used a different choice of words.

If I’m right in guessing how it works, the browser forwards the https deciphering key to the servers. The servers decrypt your data (as if it were you doing it) and compress it and send it back to you. It’s completely irrelevant if they re-encipher it, because the security was already compromised, even just in one point (on Nokia’s servers).

No one spying on your connection can intercept https, unless your system is compromised too and they have full access to your computer’s memory. Or unless they have a supercomputer to brute-force crack your encrypted data.

By: Adrian Remus

Adrian Remus — Sun, 13 Jan 2013 19:01:00 +0000

why are you a hater?

By: Mr_Data

Mr_Data — Sun, 13 Jan 2013 07:51:00 +0000

Not the first idiotic act by Nokia:).

By: Mr_Data

Mr_Data — Sun, 13 Jan 2013 07:50:00 +0000

You don’t have a clue! You don’t even bother to read what the person before you wrote.

By: JK

JK — Sat, 12 Jan 2013 19:52:00 +0000

What is the issue? Nokia already said they don’t record the data – thats not how the system was designed.

You any of you seriously think you are being snooped on by Nokia? Get real. And get a life. Nokia has more pressing matters to attend to… such as evaluating their exclusive MS contract.

By: Ahmed Mustafa Nematallah

Ahmed Mustafa Nematallah — Sat, 12 Jan 2013 19:02:00 +0000

why did you buy it (if you even have one)

By: Apple ® Royalty

Apple ® Royalty — Sat, 12 Jan 2013 16:43:00 +0000

We have the iPhone, iPad, and Mac which are the magical things in our life
We see nothing is good beside Apple
We will destroy Samsung and others
We know this
We like this
We love that.

Posted from my iPhone 5.

By: Ahmed Mustafa Nematallah

Ahmed Mustafa Nematallah — Sat, 12 Jan 2013 15:23:00 +0000

guys, it’s not about spying, the HTTPS connection starts at nokia’s servers and ends there, they fetch the page by their servers, so it’s normal for the connection to end there, the connection between the nokia servers and the website is encrypted

the problem is that the connection between you and nokia’s servers isn’t encrypted, which means anyone spying on you can get your information (if they can decode the nokia xpress format), nokia fixed that error, or missing feature, or bug, whatever you call it

for those who think that it isn’t normal, when there is a server between you and the website, the info. must be decrypted there, as it’s resent in a format the application can understand, like in opera mini

to make it simpler, it’s like you sending a mail to a translator, who translates it to another language, he must open it, even if it’s secure, then resend it to your destination, now the translator forgot to resecure it again, so anyone along the path can read the translated unsecured message

BTW if the connection was as you guys thought, how would you know if nokia decrypted the stuff on their servers?

By: Ahmed Mustafa Nematallah

Ahmed Mustafa Nematallah — Sat, 12 Jan 2013 15:11:00 +0000

they didn’t crack the HTTPS, they send it to you decrypted, that’s the problem, anyone spying on your connection would get your personal info.

that was a missing feature, or a bug, whatever you call it, they should’ve encrypted it from the beginning