Well, sorta. My point is that it has been drummed into people's heads by Verisign and everyone else that "if you see that little padlock, your session is secure." Now, how is that NOT indoctrinating everyone that it's "secure"?
-----Original Message----- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Thursday, June 23, 2011 1:11 PM To: NT System Admin Issues Subject: RE: Cyberattack of the day... Please tell me this is a sarcastic post... >>> John Aldrich <jaldr...@blueridgecarpet.com> 06/23/11 9:51 AM >>> I'm pretty sure that Verisign and the browser folks have done a very good job indoctrinating us with the "fact" that an SSL-encrypted website is "secure." Matter of fact, I think Verisign's marketing info uses the phrase "secure your website." So, if everyone from Microsoft to "security experts" and banks, etc are all saying "secure" why wouldn't people, including people in IT, believe that SSL==secure? From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Thursday, June 23, 2011 12:44 PM To: NT System Admin Issues Subject: Re: Cyberattack of the day... I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't be surprised if some phishing attacks use SSL just to leverage that misconception. On Thu, Jun 23, 2011 at 11:53 AM, Ben Scott <mailvor...@gmail.com> wrote: On Thu, Jun 23, 2011 at 11:35 AM, Joseph Heaton <jhea...@dfg.ca.gov> wrote: >> SSL certs are already near-worthless, unfortunately. > > So what do you do to "secure" your website? If not certs, then what? I didn't say I had a better solution. That doesn't prevent me from recognizing the problem. "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." (Eugene "spaf" Spafford) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
