View Single Post
Old 13th August 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

Quote:
Originally Posted by 18Googol2 View Post
Im a bit suprised about this statement, given what you have posted in this forum, you appears to be an experienced sys admin(no offence). Dont even think about SSL >= security, access can be gained over SSL.

No offense taken, in fact I appreciate the comment. But when you mention your wariness about SSL security, are you referring to a "man-in- the-middle" or attack? I think that those are do-able for sure, but I assume a low risk on them. Of course, low-risk is not no-risk, and I have not personally shopped online or done any online banking from a wireless hotspot. Also, the risk for a "man-in-the-middle" is also present on wired network paths, not just wireless, but again, the risk is low, and depends on the target website's implementation of SSL.

More to the point, I think that unless the site you are going to with sensitive information has properly implemented SSL (is completely SSL'd throughout the site and not just on authentication) then you shouldn't be visiting that site with sensitive information in the first place.

But if you are referring to something else... let me know. But my assumptions about SSL are that since it's encrypted traffic, and barring any insecure implementations of SSL, it's a secure way to communicate (aside from outlandish uber-hacker gangs and rogue governments... but if that's a realistic fear I wouldn't get online in the first place )

Here's a fun article about cracking SSL itself. I believe this refers to USA-export encryption, not domestic (which is stronger.) Here's another. This one is a more technical paper that describes the toughness of SSL.
__________________
Network Firefighter
Reply With Quote