[ILUG] [ot] secure sites
Fergal Daly
fergal at esatclear.ie
Thu Nov 1 12:56:50 GMT 2001
Saying "anyone" can intercept your credit card number is a bit of an
exaggeration. It would have to be someone who had superuser access on one of
the routers between you and the bank's site and they'd have to be capturing
all traffic to the bank's site and analysing it for requests containing
people's card numbers.
That's not to say that unencrypted sites are fine, they're just not as
insecure as they are sometimes made out to be.
Also, a "secure" site who's key length is too short should probably also be
considered insecure. Mozilla can be set to warn about this but I don't think
any other browser makes a distinction between 128 bit and 48 bit (or is it
56?) security,
Fergal
On Thu, Nov 01, 2001 at 09:01:00AM +0000, Ivan Kelly wrote:
> general the padlock indicates that your using a https ssl server. if the
> lock isn't there, anything you send isn't encrypted meaning anyone can
> intercept your credit card number etc.
More information about the ILUG
mailing list