Re: Recovery of compromised WebID

Hi Jonas,

On 03.03.19 10:47, Jonas Smedegaard wrote:
> There might be ways_specifically_  to how TLS to tied to WebID, and
> those might be flawed.  Which is what you found a document about.  But
> that document does not cover all the*other*  ways you can gain control
> over my WebID, including simply showing up at my doorstep and kick me in
> the face with a bat until I hand over the private TLS key, or burn down
> my house (it is made of wood) to stop my server from running.
That is a direct personal attack. This will always work, but it is more 
difficult, unnecessary and less elegant:
* I still need to know where you live in RL, but I already have an 
outline of your server and can scout for weaknesses, I know where you 
live online.
* I really don't need your private key at the moment, server access 
seems to be enough, much easier, then I can use the one I generated.
* You would only notice the hack, when it is too late, but I think you 
would notice the bat in your face right away

I went to 4chan.org some years ago and saw a post with admin passwords 
of some websites/servers with the words "Do some damage!". I think, they 
also allow to upload small files like the replaced private key or I make 
a new self-signed .pfx file, which they can upload in their browsers.

-- 
All the best,
Sebastian Hellmann

Director of Knowledge Integration and Linked Data Technologies (KILT) 
Competence Center
at the Institute for Applied Informatics (InfAI) at Leipzig University
Executive Director of the DBpedia Association
Projects: http://dbpedia.org, http://nlp2rdf.org, 
http://linguistics.okfn.org, https://www.w3.org/community/ld4lt 
<http://www.w3.org/community/ld4lt>
Homepage: http://aksw.org/SebastianHellmann
Research Group: http://aksw.org