On Sun, 2 Oct 2011 18:50:13 +0000 (UTC), Justaguy
<Justaguy@Use-Author-Supplied-Address.invalid> wrote:
>Can a hotspot be set up as a honey pot that can infiltrate
>computers despite users using SSL for critical data
>transfers?
No. They would need to have successfully forged the SSL certificate
of the destination server. That's not going to happen unless the user
elects to ignore certificate errors.
There is a risk with badly designed web pages. It is possible to view
a mix of encrypted and unencrypted components of a web page. You'll
see an error message something like "You have requested an encrypted
page that contains some unencrypted information. Information that you
see or enter on this page could easily be read by a third party." The
way around this is to force ALL such traffic to be SSL encrypted.
<https://addons.mozilla.org/en-US/firefox/addon/force-tls/>
>Seems to me a hotspot could inject viruses, trojans or worms
>though a man in the middle attack, take control of your
>computer and fork SSL connections through their computers?
SSL is one way. There's no way anything can be "injected" backwards
into your computah.
>Unless ALL of your traffic is encrypted I think there is a
>big risk using hotspots or am I wrong?
With SSL, all the traffic is encrypted.
<http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/>
--
Jeff Liebermann
jeffl@cruzio.com
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Re: Hotspot Security, How safe is SSL? 
Linear Mode
