15th March 2009
ai-danno

I think the breakdown is that https/ssl is used for logins on websites where the subsequent traffic will be https/ssl (in most cases, anyway). If you do happen upon a site that authenticates you 'in the clear' (via regular http), look for an explanation as to why, or don't surf there any more thinking you're secure.

So what jggimi's saying is that it's not simply or specifically your authentication credentials that are at risk, but potentially all transmissions. And he's right. However, as I've mentioned on this subject in other threads in the past, I don't feel that this is likely to happen, or happen with any regularity. Put bluntly, MITM attacks are exotic and rare, and require a position in the path of traffic.

The idea of MITM attacks is normally for very specific incidents of highly anticipated traffic. In other words, a person conducting a MITM attack would have to anticipate a site you might surf to, have a full mock-up for the sign-in section of that site, and then wait and redirect (or copy and pass) that intended traffic to the mock-up to steal your information. If they were actually impersonating the sites (phishing) and not just doing a "copy and pass" of the traffic, they would also have to redirect any ssl certificate verification traffic to mock-ups of those verification sites, so that ssl certificate checks to the bogus sites would be approved by your browser. While the attacker waited for those sites to be called up, they would have to not redirect all other traffic (or re-redirect it lol) so you wouldn't think anything's wrong. That's pretty involved, and would involve a compromised or otherwise malicious network device in the path of your traffic to that particular site. That's a really low probability (albeit increased very significantly with unencrypted wireless connections).

Aside from unencrypted wireless considerations, I would say as a network/security administrator that your potential weak points of security lie less in the paths of communication for endpoints, and more in the endpoints themselves. Your home LAN, the bank's servers, or the insurance company's database: these are the places where the vast majority of breaches of security take place. So be careful who you communicate with, and be sure your own house is in order.

Oh, and don't do your banking while sipping a latte at Starbucks.
__________________
Network Firefighter

Last edited by ai-danno; 15th March 2009 at 06:11 AM. Reason: it's copy and pass, not pass and copy!
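A practical check for the "authenticates you in the clear" case the post warns about, added here as an example and not part of ai-danno's post or any tool he mentions: parse a page's forms, keep the ones that contain a password field, resolve each form's action against the URL the page was loaded from, and report whether the password would travel over HTTPS. The bank.example host, the page URLs and the HTML are constructed for illustration; the three verdict labels are hypothetical names chosen for this example.

```python
# Added example (not from the original post): audit the login forms on a
# page and report whether each would send the password over HTTPS.
# The page URLs, host names and HTML below are constructed for illustration.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

OK = "ok"                             # page and form target are both HTTPS
CLEARTEXT = "cleartext"               # password would be POSTed over plain HTTP
UNPROTECTED_FORM = "form-over-http"   # target is HTTPS, but the form itself
                                      # arrived over HTTP and could have been
                                      # rewritten in transit (the 'copy and
                                      # pass' case the post describes)


class _FormCollector(HTMLParser):
    """Collect every <form> and note whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases tag and attribute names
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def classify(page_url, action):
    """Verdict for one form, given the URL the page was loaded from."""
    target = urljoin(page_url, action)  # empty action => submits to the page itself
    page_https = urlsplit(page_url).scheme.lower() == "https"
    target_https = urlsplit(target).scheme.lower() == "https"
    if not target_https:
        return target, CLEARTEXT
    if not page_https:
        return target, UNPROTECTED_FORM
    return target, OK


def audit_login_forms(page_url, html):
    """Return [(submit_url, verdict)] for every form holding a password field."""
    parser = _FormCollector()
    parser.feed(html)
    parser.close()
    return [classify(page_url, f["action"]) for f in parser.forms if f["password"]]


# Constructed sample page: one login form posts to a relative path, one to an
# explicit http:// URL, and one search box has no password field at all.
SAMPLE_HTML = """
<html><body>
<form action="/session" method="post">
  <input name="user"><input type="password" name="pw">
</form>
<form action="http://bank.example/legacy-login" method="post">
  <input type="PASSWORD" name="pw">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    # The same HTML gives different verdicts depending on how the page arrived.
    for url in ("https://bank.example/login", "http://bank.example/login"):
        print(url)
        for target, verdict in audit_login_forms(url, SAMPLE_HTML):
            print("  ", verdict, "->", target)
```

The third verdict is the caveat worth keeping in mind: a form that posts to HTTPS but was itself delivered over plain HTTP encrypts the credentials only if nobody in the path rewrote the action before the browser rendered it, which is exactly the position the post says a MITM attacker needs.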