01-21-2007, 07:28 AM
Todd H.
Re: Web Page Certificates

"teabox" <greyteabox@yahoo.com> writes:

> Todd H. wrote:
> > "teabox" <greyteabox@yahoo.com> writes:
> >
> > > I have been wondering how I can be sure, when more than one person uses
> > > a computer, if the web page certificates are authentic or not. How do
> > > I know that someone else didn't accept a bogus certificate?
> >
> > What operating system? What web browser? Do you have a separate
> > account on that computer that no one else has access to?
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/
>
> Todd,
>
> Thanks for your reply.
>
> I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.
>
> My computer at work does not have separate accounts, but even if I set
> one up others could certainly use the account from time to time.
>
> > Also, it bears mentioning the obvious that just because a given web
> > site has an SSL certificate, and you're seeing one that is attributed
> > to them, doesn't mean your activities are safe and secure and that the
> > information you provide them won't be cracked by other means.
>
> What other means are you thinking about? I am aware of key loggers and
> traffic sniffing via programs like Cain and Abel (Cain uses fake SSL
> certificates).


Exactly. Keyloggers for one.

Then, the actual websites you visit can be prone to attack
themselves.

Man-in-the-middle SSL attacks are possible as well, and not all
require intervention.

> I am quite new to this. I am beginning to wonder if using a public
> computer is safe at all.


It is not. Maybe if you boot your own OS, but even then there could
be a hardware key logger installed. You never know.

> Regardless, I am interested in understanding how I can keep my
> private stuff private!


You'll want to start by not using public computers, I'm afraid.

--
Todd H.
http://www.toddh.net/
