question regarding SSL

Nathan Bahn nathan.bahn at gmail.com
Mon Nov 29 02:38:34 UTC 2010


On Sun, Nov 28, 2010 at 4:40 PM, C de-Avillez <hggdh2 at ubuntu.com> wrote:

> On 11/24/2010 03:46 PM, Arthur Bela wrote:
> > If i use https, then my connection "is safe", ok.
> >
> > I just want to know, that can someone see that what link i'm exactly
> visiting?
> >
> > I mean, it can only see, that i'm visiting THISSITE.COM, or it can see
> > THISSITE.COM/SOMELINK.html ?
> >
> > thank you for any info, link :\
>
> Only the standard TCP headers will be clear-text. So, barring:
>
> * man-in-the-middle attacks, or
> * use of low-quality encryption and/or SSL2, or
> * those sites that mix encrypted/clear-text actions, or
> * access to the server-side logs,
>
> nobody will know what you were doing at this site. But, of course,
> the IP address will be available.
>
> There are side attacks that may point to possible actions with
> greater than random probability: the attacker can go to the same
> site you went, and perform a series of actions there; then,
> statistical analysis may suggest paths and/or actions (for example,
> that the targeted user went to https://<ip>/a/b/c with a probability
> of 0.7, etc). But I would not worry much about that -- if I am being
> targeted in such an analysis, I will certainly have more pressing
> problems...
>



I am curious:  Would the use of an anonymous proxy server enhance or detract
from the security considerations as related to by the original poster?
(i.e.:  Would an anonymous proxy server increase or reduce his security?)

--N.B.
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20101128/beb880b7/attachment.html>


More information about the ubuntu-users mailing list