Re: Wachovia's web page security


Terry wrote:
> Gordon Burditt wrote:
> > >I understand that anyone can get an SSL certificate. Is it not true
> > >that if you are using a SSL site for identity theft that you will be
> > >prosecuted?
> >
> > If I get a SSL certificate in the name of my company, "Scams 'R
> > Us", on what grounds would they have to prosecute me related to the
> > SSL cert? Since few people actually bother to look at the name in
> > the cert, it would probably be just as effective. And I'm not
> > committing fraud if that really *IS* the name of my company.
> >
> > Now, if I got one with the name of the company I'm pretending to
> > be by presenting fake documents to the cert authority, they
> > could prosecute for that. But it isn't necessary.
> >
> > Actual identity theft does not require a cert to prosecute.
> >
> > Gordon L. Burditt
>
> The point is that having a SSL page does offer some security. Going to
> a site that doesn't have one, like Wachovia, and entering you personal
> information is asking to be taken. At least having an SSL certificate
> subjects you to ligation if you use it for a crime.

I don't think you understand what SSL security is. All is does is
allow the browser to encrypt the information that you're posting to the
server, and generate some handshaking to make sure where it's posting
to is who they say.

But that doesn't mean the people receiving the information at the other
end aren't unscrupulous.

.

Relevant Pages

  • Re: Exchange 2003 ActiveSync, Sprint PPC-6700 and SSL: Giving me an ul
    ... I am having problems with the Sprint PPC-6700 utilizing Exchange ActiveSync over the Sprint Dialup connection on SBS 2003. ... Whereas previous versions were a bit liberal in what they accepted, the current version apparently wants an exact SSL. ... Based on some postings on a few other boards, I tried to copy the SSL certificate onto the PDA. ... When I sync with this cert, it tells me it needs a cert with the correct name... ...
    (microsoft.public.windows.server.sbs)
  • Re: SSL Host Headers IIS 6.0
    ... Also can I use a wild card cert if the two domain names are completely ... > You have two SSL sites with different certificates/identities. ... Each website has distinct IP:Port and distinct SSL Certificate ... > much like standard http on port 80 where it allows you to share the same ...
    (microsoft.public.inetserver.iis.security)
  • Re: Microsoft Direct Push / Active Sync - cant get it working
    ... Great to hear that you got it all working on port 80! ... Sorry I'm not too familiar with the way SSL certificates are created and installed, so I can't be much help from here on out. ... I decided to see if I could get an SSL cert in place, ...
    (microsoft.public.pocketpc)
  • Re: Another day, another useless error dialog (subtitled the connection wizard fails after ISA 2004
    ... The installation appears to have worked (ISA is up and running) but the configuration wizard fails at the firewall configuration and the secure web site configuration. ... Call to Publishing client help for RUP returned ok. ... Require SSL for Remote Portal: ... Opening the cert store returned OK ...
    (microsoft.public.windows.server.sbs)
  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)