public internet security

nodata lsof at nodata.co.uk
Sun May 6 19:39:08 UTC 2007


On Sunday, 06.05.2007 at 14:42 -0400, Paul S wrote:
> Is Mossburg just wrong when he says even https connections aren't safe 
> on public internets?
> 
> the OP
> 

He never wrote that. You inferred that.

The problem is that you don't know that:
i) The router you are using is not malicious
ii) The DNS server you are using is not malicious

If you use HTTPS with a centrally issued certificate, both of these
points are invalid; however, once you trust anything from a non-HTTPS
site, you are at risk.

An example.

You want to log on to your internet banking app at Chase. You go to
www.chase.com, an HTTP site, and click the "logon" link.

For this example's simplicity, the HTTP www.chase.com site has been
modified by a transparent proxy to change the logon page link from the
real internet banking app to a malicious internet banking app.

You are taken to an HTTPS site called
 https://somethingelse.example.com
This site has a valid SSL certificate, and so you received no warnings.

You enter your login details.
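
The scenario above, as an added example that is not part of the original post: a link audit showing that "the target is HTTPS" is satisfied by the rewritten page, and only a check of the target host against the hosts you intended to reach catches it. The `bank.example` host names, the `/logon` path and the trusted-host set are constructed assumptions; `somethingelse.example.com` is the host from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect href targets of <a> tags and action targets of <form> tags."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "form": "action"}.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.targets.append(value)


def audit_links(page_url, html, trusted_hosts):
    """Return [(absolute_url, verdict)] for every link or form target in html."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for target in collector.targets:
        url = urljoin(page_url, target)          # resolve relative links
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            verdict = "not-https"                # can be altered in transit
        elif host not in trusted_hosts:
            verdict = "https-but-untrusted-host" # valid certificate, wrong site
        else:
            verdict = "ok"
        results.append((url, verdict))
    return results


# Constructed sample data: the same landing page as served by the bank and as
# rewritten by a transparent proxy on the path.
PAGE_URL = "http://www.bank.example/"
TRUSTED = {"secure.bank.example"}
GENUINE = '<a href="https://secure.bank.example/logon">Log on</a>'
REWRITTEN = '<a href="https://somethingelse.example.com/logon">Log on</a>'

if __name__ == "__main__":
    for label, html in (("genuine", GENUINE), ("rewritten", REWRITTEN)):
        print(label, audit_links(PAGE_URL, html, TRUSTED))
```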




