question regarding SSL
C de-Avillez
hggdh2 at ubuntu.com
Sun Nov 28 21:40:36 UTC 2010
On 11/24/2010 03:46 PM, Arthur Bela wrote:
> If i use https, then my connection "is safe", ok.
>
> I just want to know, that can someone see that what link i'm exactly visiting?
>
> I mean, it can only see, that i'm visiting THISSITE.COM, or it can see
> THISSITE.COM/SOMELINK.html ?
>
> thank you for any info, link :\
Only the standard TCP headers will be clear-text. So, barring:
* man-in-the-middle attacks, or
* use of low-quality encryption and/or SSL2, or
* those sites that mix encrypted/clear-text actions, or
* access to the server-side logs,
nobody will know what you were doing at this site. But, of course,
the IP address will be available.
There are side attacks that may point to possible actions with
greater than random probability: the attacker can go to the same
site you went, and perform a series of actions there; then,
statistical analysis may suggest paths and/or actions (for example,
that the targeted user went to https://<ip>/a/b/c with a probability
of 0.7, etc). But I would not worry much about that -- if I am being
targeted in such an analysis, I will certainly have more pressing
problems...
Cheers,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20101128/7c053ceb/attachment.sig>
More information about the ubuntu-users
mailing list