Go Back   Wireless and Wifi Forums > News > Newsgroups > alt.computer.security
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-21-2007, 12:03 AM
teabox
Guest
 
Posts: n/a
Default Web Page Certificates

I have been wondering how I can be sure, when more than one person uses
a computer, if the web page certificates are authentic or not. How do
I know that someone else didn't accept a bogus certificate?

Thank!


Reply With Quote
  #2 (permalink)  
Old 01-21-2007, 02:42 AM
Todd H.
Guest
 
Posts: n/a
Default Re: Web Page Certificates

"teabox" <greyteabox@yahoo.com> writes:

> I have been wondering how I can be sure, when more than one person uses
> a computer, if the web page certificates are authentic or not. How do
> I know that someone else didn't accept a bogus certificate?


What operating system? What web browser? Do you have a separate
account on that computer that no one else has access to?

Also, it bears mentioning the obvious that just because a given web
site has an SSL certificate, and you're seeing one that is attributed
to them, doesn't mean your activities are safe and secure and that the
information you provide them won't be cracked by other means.

--
Todd H.
http://www.toddh.net/

Reply With Quote
  #3 (permalink)  
Old 01-21-2007, 04:41 AM
teabox
Guest
 
Posts: n/a
Default Re: Web Page Certificates

Todd H. wrote:
> "teabox" <greyteabox@yahoo.com> writes:
>
> > I have been wondering how I can be sure, when more than one person uses
> > a computer, if the web page certificates are authentic or not. How do
> > I know that someone else didn't accept a bogus certificate?

>
> What operating system? What web browser? Do you have a separate
> account on that computer that no one else has access to?
>
>
> --
> Todd H.
> http://www.toddh.net/


Todd,

Thanks for you reply.

I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.

My computer at work does not have separate accounts, but even if I set
one up others could certainly use the account from time to time.

> Also, it bears mentioning the obvious that just because a given web
> site has an SSL certificate, and you're seeing one that is attributed
> to them, doesn't mean your activities are safe and secure and that the
> information you provide them won't be cracked by other means.


What other means are you thinking about? I am aware of key loggers and
traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
certificates).

I am quite new to this. I am beginning to wonder if using a public
computer is safe at all. Regardless, I am interesting in understanding
how I can keep my private stuff private!

Thanks,

TB


Reply With Quote
  #4 (permalink)  
Old 01-21-2007, 06:28 AM
Todd H.
Guest
 
Posts: n/a
Default Re: Web Page Certificates

"teabox" <greyteabox@yahoo.com> writes:

> Todd H. wrote:
> > "teabox" <greyteabox@yahoo.com> writes:
> >
> > > I have been wondering how I can be sure, when more than one person uses
> > > a computer, if the web page certificates are authentic or not. How do
> > > I know that someone else didn't accept a bogus certificate?

> >
> > What operating system? What web browser? Do you have a separate
> > account on that computer that no one else has access to?
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/

>
> Todd,
>
> Thanks for you reply.
>
> I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.
>
> My computer at work does not have separate accounts, but even if I set
> one up others could certainly use the account from time to time.
>
> > Also, it bears mentioning the obvious that just because a given web
> > site has an SSL certificate, and you're seeing one that is attributed
> > to them, doesn't mean your activities are safe and secure and that the
> > information you provide them won't be cracked by other means.

>
> What other means are you thinking about? I am aware of key loggers and
> traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
> certificates).


Exactly. Keyloggers for one.

Then, the actual websites you visit can be prone to attack
themselves.

Man in the middle SSL attacks are possible as well, and not all
require intervention.

> I am quite new to this. I am beginning to wonder if using a public
> computer is safe at all.


It is not. Maybe if you boot your own OS, but even then there could
be a hardware key logger installed. You never know.

> Regardless, I am interesting in understanding how I can keep my
> private stuff private!


You'll want to start by not using public computers, I'm afraid.

--
Todd H.
http://www.toddh.net/

Reply With Quote
Reply


« Another One Bites the Dust - That Didn't Take Long! | for armstrong: truly substantial dvd video - kuyka ah obwi - (1/1) »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sony Ericsson W810i... mp4 files and internet certificates. Banana uk.telecom.mobile 4 09-25-2006 11:35 AM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 10-19-2005 04:37 AM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 08-30-2005 04:26 AM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 07-31-2005 04:25 AM
posting form info to a page cosmic foo alt.computer.security 1 07-20-2005 07:22 AM


All times are GMT. The time now is 11:19 AM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45