Re: Cyberattack of the day...

2011-06-23 Thread Ben Scott
On Thu, Jun 23, 2011 at 3:16 PM, Art DeKneef wrote: > You're comparing two different things here. Granted most people wouldn't > know the difference. I think your second sentence is part of the problem, really. The SSL cert vendors (Verisign, et. al.) spend a lot of advertising resources tel

Re: Cyberattack of the day...

2011-06-23 Thread Ben Scott
On Thu, Jun 23, 2011 at 12:17 PM, Joseph Heaton wrote: >>> So what do you do to "secure" your website? If not certs, then what? >> >> I didn't say I had a better solution. That doesn't prevent me from >> recognizing the problem. > > I wasn't criticizing what you said, was just curious if there

RE: Cyberattack of the day...

2011-06-23 Thread John Aldrich
To: NT System Admin Issues Subject: RE: Cyberattack of the day... You're comparing two different things here. Granted most people wouldn't know the difference. You say Verisign and others have indoctrinated us to the "fact" that an SSL encrypted website is "secure". I c

RE: Cyberattack of the day...

2011-06-23 Thread Sean Rector
Admin Issues Subject: RE: Cyberattack of the day... You're comparing two different things here. Granted most people wouldn't know the difference. You say Verisign and others have indoctrinated us to the "fact" that an SSL encrypted website is "secure". I checked and

RE: Cyberattack of the day...

2011-06-23 Thread Art DeKneef
ference. IMHO. If we do not explain the difference and use the correct terminology, who will. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, June 23, 2011 11:08 AM To: NT System Admin Issues Subject: RE: Cyberattack of the day... Well, sorta.

RE: Cyberattack of the day...

2011-06-23 Thread John Aldrich
om: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Thursday, June 23, 2011 1:11 PM To: NT System Admin Issues Subject: RE: Cyberattack of the day... Please tell me this is a sarcastic post... >>> John Aldrich 06/23/11 9:51 AM >>> I'm pretty sure that Verisign and the browser folks

RE: Cyberattack of the day...

2011-06-23 Thread Joseph Heaton
ailto:klu...@gmail.com] Sent: Thursday, June 23, 2011 12:44 PM To: NT System Admin Issues Subject: Re: Cyberattack of the day... I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't

Re: Cyberattack of the day...

2011-06-23 Thread Joseph Heaton
Notice I put secure in quotes... I'm very aware of the lack of actual security. >>> Kevin Lundy 06/23/11 9:48 AM >>> I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't be surprised if some phis

RE: Cyberattack of the day...

2011-06-23 Thread John Aldrich
yone from Microsoft to "security experts" and banks, etc are all saying "secure" why wouldn't people, including people in IT, believe that SSL==secure? From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Thursday, June 23, 2011 12:44 PM To: NT System Admin Issues Subject: R

Re: Cyberattack of the day...

2011-06-23 Thread Kevin Lundy
I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't be surprised if some phishing attacks use SSL just to leverage that misconception. On Thu, Jun 23, 2011 at 11:53 AM, Ben Scott wrote: > On Th

Re: Cyberattack of the day...

2011-06-23 Thread Joseph Heaton
I wasn't criticizing what you said, was just curious if there was new technology I didn't know about. >>> Ben Scott 06/23/11 8:55 AM >>> On Thu, Jun 23, 2011 at 11:35 AM, Joseph Heaton wrote: >> SSL certs are already near-worthless, unfortunately. > > So what do you do to "secure" your website

Re: Cyberattack of the day...

2011-06-23 Thread Ben Scott
On Thu, Jun 23, 2011 at 11:35 AM, Joseph Heaton wrote: >> SSL certs are already near-worthless, unfortunately. > > So what do you do to "secure" your website?  If not certs, then what? I didn't say I had a better solution. That doesn't prevent me from recognizing the problem. "Using encryp

Re: Cyberattack of the day...

2011-06-23 Thread Joseph Heaton
So what do you do to "secure" your website? If not certs, then what? >>> Ben Scott 06/22/11 12:11 PM >>> On Wed, Jun 22, 2011 at 3:02 PM, Andrew S. Baker wrote: > http://www.theregister.co.uk/2011/06/21/startssl_security_breach/ > In today's attack of the day... > An attack on web authenticatio

Re: Cyberattack of the day...

2011-06-22 Thread Andrew S. Baker
He called the bat phone, though... *ASB *(Professional Bio ) Harnessing the Advantages of Technology for the SMB market... On Wed, Jun 22, 2011 at 3:10 PM, Ben Scott wrote: > On Wed, Jun 22, 2011 at 3:02 PM, Andrew S. Baker > wrote: > > http://www.there

Re: Cyberattack of the day...

2011-06-22 Thread Ben Scott
On Wed, Jun 22, 2011 at 3:02 PM, Andrew S. Baker wrote: > http://www.theregister.co.uk/2011/06/21/startssl_security_breach/ > In today's attack of the day... > An attack on web authentication authority StartSSL has lead to them > suspending their services and stopped issuing any further certificat