HTTPS - How hard to decrypt?

From: Craig Brauckmiller (c_brauckmiller_at_lek.com)
Date: 07/08/03

  • Next message: Tim Greer: "Re: Mail relay"
    Date: 8 Jul 2003 17:33:02 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    We have begun rolling out wireless cards to our VP laptops. We have also
    purchased T-Mobile Hotspot accounts for them to use in such places as
    Starbucks, American Admiral's Clubs, etc.

    From my testing, the user name and password entry screen that TMobile
    requires you to fill in before they will allow you to do any type of
    surfing.

    The login page does use HTTPS, so I assume the user name and password are
    encrypted when the user submits the page.

    How hard is it to decrypt SSL based traffic over a wireless link or wired
    for that matter? Is it something trivial, or would it take some time to
    break? I just worry about a hacker hanging out at Starbucks and snagging
    a user name and password for free internet access.

    Thanks

    Craig Brauckmiller

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------


  • Next message: Tim Greer: "Re: Mail relay"