You're comparing two different things here. Granted most people wouldn't know the difference.
You say Verisign and others have indoctrinated us to the "fact" that an SSL encrypted website is "secure". I checked and they all seem to say "sessions" and not websites. Your post below mentions session so I'm confused if you are talking about the same thing or two different things. Kevin was talking about the server. Granted I'm probably splitting hairs, but too many people assume the two are the same because most vendors do not explain the difference. IMHO. If we do not explain the difference and use the correct terminology, who will. -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, June 23, 2011 11:08 AM To: NT System Admin Issues Subject: RE: Cyberattack of the day... Well, sorta. My point is that it has been drummed into people's heads by Verisign and everyone else that "if you see that little padlock, your session is secure." Now, how is that NOT indoctrinating everyone that it's "secure"? -----Original Message----- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Thursday, June 23, 2011 1:11 PM To: NT System Admin Issues Subject: RE: Cyberattack of the day... Please tell me this is a sarcastic post... >>> John Aldrich <jaldr...@blueridgecarpet.com> 06/23/11 9:51 AM >>> I'm pretty sure that Verisign and the browser folks have done a very good job indoctrinating us with the "fact" that an SSL-encrypted website is "secure." Matter of fact, I think Verisign's marketing info uses the phrase "secure your website." So, if everyone from Microsoft to "security experts" and banks, etc are all saying "secure" why wouldn't people, including people in IT, believe that SSL==secure? From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Thursday, June 23, 2011 12:44 PM To: NT System Admin Issues Subject: Re: Cyberattack of the day... I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't be surprised if some phishing attacks use SSL just to leverage that misconception. On Thu, Jun 23, 2011 at 11:53 AM, Ben Scott <mailvor...@gmail.com> wrote: On Thu, Jun 23, 2011 at 11:35 AM, Joseph Heaton <jhea...@dfg.ca.gov> wrote: >> SSL certs are already near-worthless, unfortunately. > > So what do you do to "secure" your website? If not certs, then what? I didn't say I had a better solution. That doesn't prevent me from recognizing the problem. "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." (Eugene "spaf" Spafford) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
