Re: How secure is a public hotspot?

---

• From: rico_001@xxxxxxxxxxx (Rico)
• Date: Fri, 19 May 2006 18:17:09 GMT

---

In article <tjmuj3-dhv.ln1@xxxxxxxxxxxxxxxxxxx>, Derek Broughton <news@xxxxxxxxxxxxxx> wrote:

David Taylor wrote:

As long as the conversation is https it is encrypted end-to-end, i.e.
from
your browser to the server. So however insecure the transmission media
the

I know what you're getting at but just to be awfully pedantic, https is
secure between one endpoint and another. A hacker could potentially
play a man in the middle and send you his certificate in place of that
of the bank. The traffic is then decrypted at his machine and re-
encrypted on the way to the bank.

Of course, this would require that the user click OK on the warning that
says that this certificate is not from a site that you trust etc but

Is IE showing that message by default these days? I know that a number of
sites I use regularly, that have improperly constructed certificates, give
me that message in Firefox & Konqueror, but IE doesn't. But then I usually
only use IE when I hit a website that only works for IE.

It was always the default in IE, you must have changed it at some point in
the past or maybe it was altered for some intranet stuff at the office and
never set back.

could easily catch an unknowing user that doesn't bother to check the
validity of the certificate offered.

It's pretty much standard practice for users to click right through those
messages. Of course, the large number of sites that don't realize you
can't just move these certificates from host to host doesn't help.

fundamentalism, fundamentally wrong.
.

---

• References:
  • How secure is a public hotspot?
    • From: Jim Sant
  • Re: How secure is a public hotspot?
    • From: David Goodenough
  • Re: How secure is a public hotspot?
    • From: David Taylor
  • Re: How secure is a public hotspot?
    • From: Derek Broughton

• Prev by Date: Re: Alternative to Intel PROSet?
• Next by Date: Re: Intruder in my wireless network? / intrusion detection programs
• Previous by thread: Re: How secure is a public hotspot?
• Next by thread: Re: How secure is a public hotspot?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Outlook Anywhere from outside LAN ... I assume I can buy a UCC/SAN certificate. ... Testing Outlook Anywhere using the Autodiscover Service to obtain Settings ... Attempting to Resolve the host name mydomain.com in DNS. ... (microsoft.public.exchange.clients) OpenSSH Certkey (PKI) ... +Certkey allows OpenSSH to transmit certificates from server to client for host ... +are basically signatures made by a certificate authority private key. ... retrieving revision 1.58 ... diff -u -r1.113 auth2.c ... (freebsd-current) Re: SBS 2003 R2 Premium Exchange/Outlook Issue ... I reran CECEIW and issued a new self-signed certificate. ... Attempting to test Autodiscover for dean@xxxxxxxxxxxx ... Attempting to resolve the host name tmcpower.com in DNS. ... (microsoft.public.windows.server.sbs) Re: Resovled - RPC over HTTP Issue ... I reran CECEIW and issued a new self-signed certificate. ... Failed to contact the AutoDiscover service successfully by any ... Testing TCP Port 443 on host tmcpower.com to ensure it is listening ... Tell me more about this issue and how to resolve it ... (microsoft.public.windows.server.sbs) Re: The Tragedy of the Commons ... No certificate, no sending. ... Each individual host would have its own certificate ... The permission could limit size of enclosures, size of text, etc. ... Initiate communications using a sendor write. ... (comp.lang.java.advocacy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Alt  > alt.internet.wireless  > 2006-05