Re: How secure is a public hotspot?
- From: rico_001@xxxxxxxxxxx (Rico)
- Date: Fri, 19 May 2006 18:17:09 GMT
In article <tjmuj3-dhv.ln1@xxxxxxxxxxxxxxxxxxx>, Derek Broughton <news@xxxxxxxxxxxxxx> wrote:
David Taylor wrote:
As long as the conversation is https it is encrypted end-to-end, i.e.
your browser to the server. So however insecure the transmission media
I know what you're getting at but just to be awfully pedantic, https is
secure between one endpoint and another. A hacker could potentially
play a man in the middle and send you his certificate in place of that
of the bank. The traffic is then decrypted at his machine and re-
encrypted on the way to the bank.
Of course, this would require that the user click OK on the warning that
says that this certificate is not from a site that you trust etc but
Is IE showing that message by default these days? I know that a number of
sites I use regularly, that have improperly constructed certificates, give
me that message in Firefox & Konqueror, but IE doesn't. But then I usually
only use IE when I hit a website that only works for IE.
It was always the default in IE, you must have changed it at some point in
the past or maybe it was altered for some intranet stuff at the office and
never set back.
could easily catch an unknowing user that doesn't bother to check the
validity of the certificate offered.
It's pretty much standard practice for users to click right through those
messages. Of course, the large number of sites that don't realize you
can't just move these certificates from host to host doesn't help.
fundamentalism, fundamentally wrong.
- Prev by Date: Re: Alternative to Intel PROSet?
- Next by Date: Re: Intruder in my wireless network? / intrusion detection programs
- Previous by thread: Re: How secure is a public hotspot?
- Next by thread: Re: How secure is a public hotspot?