Re: Secure file transfer

evans@xxxxxxxxxxxxxxxxxxx wrote:


1. When I use Auth SSL to connect, I see this message in the session
script:

AUTH SSL
500 This security scheme is not implemented

Does that mean that my login and password are in clear text? And/or
that any files I transfer are also vulnerable?


If you're in implicit SSL mode: No, since you're already running everything within an SSL session (and therefore trying to establish another SSL session fails, intentionally). I guess this is what your tech guys tried to communicate to you.

On the other, even in explitic SSL mode this is not the end of the world, since there're a some othe rknown other variants to initiate SSL mode (like MODE SSL and PROTP).


2. Web-based services such as Yahoo Mail protect the login (https://
shows up on the URL bar when you log in), but thereafter it is
straight http://. This means that any mail I send or receive would be
visible as clear text to a sniffer, correct?


No, because they're target URL of their login forms is an https:// URL.
Yes, because this is still a problem since this form, send over an unsecured HTTP connection, could be spoofed, and without looking at the websites HTML code you don't know to which URL the form is pointing to (and after sending the data it might be too late).

> If that's the case, why isn't it a huge problem?

It is, these idiots just don't want to acknowledge the problem.

> Is it simply a matter of too much email, too few hackers?!

No, it's about the additional processing cost and therefore hardware cost.
.

Relevant Pages

  • Webmin and Apache questions.......
    ... RequestThis web server is running in SSL mode. ... I'm new to Debian Linux. ... BTW doesn't Apache listen on port 8080 for ssl? ...
    (Debian-User)
  • Re: Securing specific pages on a website
    ... Pages are only viewable in SSL mode if you create a link to them as ... FrontPage Resources, WebCircle, MS KB Quick Links, etc. ... > Subject: Re: Securing specific pages on a website> ...
    (microsoft.public.frontpage.client)
  • tomcat 5.5.4 and SSL on selected pages
    ... I have some questions about SSL in tomcat. ... My set up of the ssl port works ... Opening the test.jsp in my browser changes the connection to ssl mode, ...
    (comp.lang.java.programmer)
  • Re: SSL comunications
    ... I would like to run my ASP.NET application in SSL mode. ... I load htm page with three frames and the IE shows this Security Information "This page contains both secure ... Do you want to display the nonsecure items ?" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: SSL php code
    ... > Sean I am planning on exclusievely using secure pages (ssl) after the user requests to login. ... This will securely redirect to a login ...
    (comp.lang.php)