02-23-2008, 03:07 PM
bealoid
Guest
 
Re: Phorm, mitm, and https

"nemo_outis" <abc@xyz.com> wrote in
news:Xns9A4D5BFC23FD9pqwertyu@64.59.135.159:

> bealoid <signup@bealoid.co.uk> wrote in
> news:Xns9A4D94296AC6FYAsfKJXSTO@194.117.143.37:
>
> You need to read up on SSL.


I know! I've got the RFCs and such now.
>
> Simplifying a bit, as long as:
>
> 1) the bank (or other destination site) has properly implemented its
> pages (doesn't mix http & https, doesn't switch away, etc.), and
> 2) you actually *check* its SSL certificate to make sure it's for
> whomever you're trying to connect to,
>
> you're bombproof.


I really thought this was the case. I'm having a gentle argument in a
virginmedia support newsgroup.

>
> Regards,
>
> PS This assumes, of course, that your computer is not infested with
> spyware, Trojans, and the like and that you practice safe computing by
> securing your browser, flushing caches and cookies, etc. or even
> signing off after a secure session. In short, SSL protects
> communications in transit, it doesn't protect against compromise (and
> stupid mistakes) at either end point, especially by a user
> unreflectively clicking on stuff he shouldn't (slightly misspelled
> URLs, etc.).


Well, yes. The number of machines that get trojaned by users clicking
the "yes, please instal malware" buttons isn't re-assuring. :-(


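Point 1 in the quoted reply (a site that doesn't mix http and https and doesn't switch away) can be checked mechanically. The following is an added example, not part of the original thread: it audits an https page for script, image, form and link targets that resolve to plain http. The site URL, the sample page and the names `audit` and `MixedContentAudit` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that loads a resource, submits data, or navigates.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action", "a": "href"}
KIND = {"form": "form", "a": "navigation"}  # everything else: subresource

class MixedContentAudit(HTMLParser):
    """Collects URLs on an https page that resolve to plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if not value:
            return
        # Resolve relative and scheme-relative (//host/x) references
        # against the page URL before judging the scheme.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((KIND.get(tag, "subresource"), tag, target))

def audit(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return [("page", "document", page_url)]  # page itself is not protected
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample input (hypothetical site, not from the thread).
SAMPLE_URL = "https://bank.example/login"
SAMPLE_HTML = """<html><head>
<script src="http://cdn.example/menu.js"></script>
<script src="//cdn.example/safe.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<form action="http://bank.example/do_login" method="post"></form>
<img src="logo.png">
<a href="http://bank.example/help">Help</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, target in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:12} <{tag}> {target}")
```

Relative and scheme-relative references inherit https from the page and are not flagged; only targets that end up on plain http are reported.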