> if you give your credit card to a site that uses ssl and you don't accept
> ssl certificates that don't fully validate, then you're as safe as you can
> get. ssl provides end to end encryption (from your computer to the server
> at the other end) so anyone in between can see the bits, but not decode
> them. but that is all predicated on the fact that the certificate is
> signed by an authority that your browser trusts. if you see a warning
> that the certificate isn't valid for any reason, then you shouldn't trust
> it and shouldn't give sensitive information to that website.

Joe hit the nail on the head. SSL/TLS can protect you perfectly well, in theory, regardless of how unsafe the network is. However, there are a number of gotchas in practice. You need to ensure at least the following:

- The site's certificate validates correctly, with no warnings whatsoever, as previously mentioned.

- The site is the one you think it is. SSL's authentication only attempts to guarantee that the system you're communicating with matches the domain name it's hosted at. If you're sending sensitive info to a phishing site, such as paypa1.com, then you have no protection. Of course that applies to ALL transfers of sensitive information, not just ones over an insecure wireless link.

- You disable SSL version 2. Recent versions of browsers have this off by default.

- The site you're communicating with sets the "secure" cookie flag on all sensitive session cookies. This is a pain to check sometimes. If you view the cookies for the site in Firefox, there is a line indicating what kind of connection they may be used for. This should indicate encrypted/secure connections only for all cookies. If you don't see this, then it is remotely possible that your session could be hijacked by a man in the middle or a passive sniffer.

- The site you're communicating with has a login form served over SSL. Many major sites, for a long time, would serve their login form over HTTP which posted to HTTPS pages. This is really really unsafe when it comes to man-in-the-middle attacks.

- ... probably a handful of other things ...

So, while I disagree with Tim and Carlos in their paranoia, you can see why one might think it's very unsafe to do these kinds of transactions, for the typical user, over an insecure wireless link.

However, consider for a moment the issues with WEP and WPA-PSK. If you're using a single password for a wireless network, then every user of that wireless network can still conduct man-in-the-middle attacks on you. For all of the attacks listed above, these kinds of networks DO NOT PROTECT YOU.

The perpetual problem with secure protocols is not the protocols. It is the authentication. No one wants to deal with the hassle of giving every individual user a separate WPA password, so they don't. Well, that also means all users can muck with all other users of that network. SSL's PKI is weak and fragile, but it's still better authentication than a shared password amongst a bunch of random customers...

tim
_______________________________________________
PLUG mailing list
http://lists.pdxlinux.org/mailman/listinfo/plug
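
Added example, not part of the original post: a Python check for two items from the list in the message above, session cookies set without the "secure" flag and login forms that are served or posted over plain HTTP. The function names, the `shop.example` host and the sample headers and HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginForms(HTMLParser):
    """Collect the action URL of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"):
            self.actions.append(self._action)
            self._action = None          # record each form only once
    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def insecure_cookies(set_cookie_headers):
    """Return the names of cookies whose Set-Cookie value lacks the Secure attribute."""
    bad = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        if not any(p.lower() == "secure" for p in parts[1:]):
            bad.append(parts[0].split("=", 1)[0])
    return bad

def login_form_issues(page_url, html):
    """Flag login forms served over HTTP or posting to a non-HTTPS target."""
    parser = _LoginForms()
    parser.feed(html)
    issues = []
    for action in parser.actions:
        target = urljoin(page_url, action)   # resolve relative/empty actions
        if urlsplit(page_url).scheme != "https":
            issues.append("login form served over HTTP: " + page_url)
        if urlsplit(target).scheme != "https":
            issues.append("login form posts over HTTP: " + target)
    return issues

# Constructed sample data (not captured from any real site).
SAMPLE_HEADERS = ["SESSIONID=abc123; Path=/; HttpOnly",
                  "auth=xyz; Path=/; Secure; HttpOnly"]
SAMPLE_URL = "http://shop.example/login"
SAMPLE_HTML = ('<form action="https://shop.example/session" method="post">'
               '<input type="password" name="pw"></form>')

if __name__ == "__main__":
    print(insecure_cookies(SAMPLE_HEADERS))
    print(login_form_issues(SAMPLE_URL, SAMPLE_HTML))
```

The sample page reproduces the HTTP-form-posting-to-HTTPS pattern the message describes, so it is flagged even though the form's target is HTTPS.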
