Re: secure without the https???
From: Whoever (nobody@devnull.none)
Date: 04/06/03
- Next message: David Norris: "Security Ebook"
- Previous message: sponge: "Re: secure without the https???"
- In reply to: sponge: "Re: secure without the https???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Whoever <nobody@devnull.none> Date: Sun, 06 Apr 2003 05:29:01 GMT
On Sun, 6 Apr 2003, sponge wrote:
> On Sat, 5 Apr 2003 15:15:00 +0000 (UTC), "Simon" <sjh@yabadabado.com>
> wrote:
>
> >Hi.
> >
> >Was confused by a site which proposed to offer secure credit card
> >transactions.
> >
> >The page containing the form does not begin https (it merely displayed the
> >company's main address beginning http) and the padlock icon (using IE6) does
> >So, is this secure or not? In my experience the page I was entering my
> >details on always displayed the secure features.
> >
>
> Secure pages (SSL) presents something of a false sense of security; it
> will do absolutely nothing to protect you against spyware or the like,
> who'se purpose is to grab info *BEFORE* it gets encrypted and sent out
> over the Internet. SSL only gives you protection against sensitive
> data being read in transit.
It also gives you verification that you are really connected to the
website that you think you are connected to. The use of certificates
provides this.
However, most browsers have been found in the past to have flaws in their
handling of certificates (or rather the certificate chain). I am not sure
if IE has been properly fixed yet.
- Next message: David Norris: "Security Ebook"
- Previous message: sponge: "Re: secure without the https???"
- In reply to: sponge: "Re: secure without the https???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
