[ILUG] [ot] secure sites
Paul Kelly
longword at esatclear.ie
Thu Nov 1 15:20:16 GMT 2001
Fergal Daly wrote:
[Packet sniffing]
>>Well if the subnet you sit on is not switched
> Aboslutely but then again I think not being switch would be far worse at the
> server end than the client end.
Ethernet switches are not security devices, particularly in their
default configuration. Do no rely on them to perform as such. Routers
aren't always as secure as we'd like to think either.
http://www.theregister.co.uk/content/55/22406.html
When sending details like credit card numbers, you also have to worry
about how secure the site is overall - a 128-bit security certificate
isn't enough. It's not unheard-of for 'secure' sites to have their
database servers wide-open to hacking.
Paul.
More information about the ILUG
mailing list