|
Posted by Todd H. on January 21, 2007, 2:28 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Todd H. wrote:
> >
> > > I have been wondering how I can be sure, when more than one person uses
> > > a computer, if the web page certificates are authentic or not. How do
> > > I know that someone else didn't accept a bogus certificate?
> >
> > What operating system? What web browser? Do you have a separate
> > account on that computer that no one else has access to?
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/
>
> Todd,
>
> Thanks for you reply.
>
> I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.
>
> My computer at work does not have separate accounts, but even if I set
> one up others could certainly use the account from time to time.
>
> > Also, it bears mentioning the obvious that just because a given web
> > site has an SSL certificate, and you're seeing one that is attributed
> > to them, doesn't mean your activities are safe and secure and that the
> > information you provide them won't be cracked by other means.
>
> What other means are you thinking about? I am aware of key loggers and
> traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
> certificates).
Exactly. Keyloggers for one.
Then, the actual websites you visit can be prone to attack
themselves.
Man in the middle SSL attacks are possible as well, and not all
require intervention.
> I am quite new to this. I am beginning to wonder if using a public
> computer is safe at all.
It is not. Maybe if you boot your own OS, but even then there could
be a hardware key logger installed. You never know.
> Regardless, I am interesting in understanding how I can keep my
> private stuff private!
You'll want to start by not using public computers, I'm afraid.
--
Todd H.
http://www.toddh.net/
| 
XML site map