public internet security

nodata lsof at
Sun May 6 19:39:08 UTC 2007

Am Sonntag, den 06.05.2007, 14:42 -0400 schrieb Paul S:
> Is Mossburg just wrong when he says even https connections aren't safe 
> on public internets?
> the OP

He never wrote that. You inferred that.

The problem is that you don't know that:
i) The router you are using is not malicious
ii) The DNS server you are using is not malicious

If you use HTTPS with a centrally issued certificate, both of these
points are invalid, however once you trust anything from a non HTTPS
site, you are at risk.

An example.

You want to logon to your internet banking app at Chase. You go to, an HTTP site, and click the "logon" link.

For this example's simplicity, the HTTP site has been
modified by a transparent proxy to change the logon page link from the
real internet banking app to a malicious internet banking app.

You are taken to an HTTPS site called
This site has a valid SSL certificate, and so you received no warnings.

You enter your login details.

More information about the ubuntu-users mailing list