Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Web Page Certificates

Reply
Thread Tools

Web Page Certificates

 
 
teabox
Guest
Posts: n/a
 
      01-21-2007
I have been wondering how I can be sure, when more than one person uses
a computer, if the web page certificates are authentic or not. How do
I know that someone else didn't accept a bogus certificate?

Thank!

 
Reply With Quote
 
 
 
 
Todd H.
Guest
Posts: n/a
 
      01-21-2007
"teabox" <(E-Mail Removed)> writes:

> I have been wondering how I can be sure, when more than one person uses
> a computer, if the web page certificates are authentic or not. How do
> I know that someone else didn't accept a bogus certificate?


What operating system? What web browser? Do you have a separate
account on that computer that no one else has access to?

Also, it bears mentioning the obvious that just because a given web
site has an SSL certificate, and you're seeing one that is attributed
to them, doesn't mean your activities are safe and secure and that the
information you provide them won't be cracked by other means.

--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
 
 
 
teabox
Guest
Posts: n/a
 
      01-21-2007
Todd H. wrote:
> "teabox" <(E-Mail Removed)> writes:
>
> > I have been wondering how I can be sure, when more than one person uses
> > a computer, if the web page certificates are authentic or not. How do
> > I know that someone else didn't accept a bogus certificate?

>
> What operating system? What web browser? Do you have a separate
> account on that computer that no one else has access to?
>
>
> --
> Todd H.
> http://www.toddh.net/


Todd,

Thanks for you reply.

I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.

My computer at work does not have separate accounts, but even if I set
one up others could certainly use the account from time to time.

> Also, it bears mentioning the obvious that just because a given web
> site has an SSL certificate, and you're seeing one that is attributed
> to them, doesn't mean your activities are safe and secure and that the
> information you provide them won't be cracked by other means.


What other means are you thinking about? I am aware of key loggers and
traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
certificates).

I am quite new to this. I am beginning to wonder if using a public
computer is safe at all. Regardless, I am interesting in understanding
how I can keep my private stuff private!

Thanks,

TB

 
Reply With Quote
 
Todd H.
Guest
Posts: n/a
 
      01-21-2007
"teabox" <(E-Mail Removed)> writes:

> Todd H. wrote:
> > "teabox" <(E-Mail Removed)> writes:
> >
> > > I have been wondering how I can be sure, when more than one person uses
> > > a computer, if the web page certificates are authentic or not. How do
> > > I know that someone else didn't accept a bogus certificate?

> >
> > What operating system? What web browser? Do you have a separate
> > account on that computer that no one else has access to?
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/

>
> Todd,
>
> Thanks for you reply.
>
> I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.
>
> My computer at work does not have separate accounts, but even if I set
> one up others could certainly use the account from time to time.
>
> > Also, it bears mentioning the obvious that just because a given web
> > site has an SSL certificate, and you're seeing one that is attributed
> > to them, doesn't mean your activities are safe and secure and that the
> > information you provide them won't be cracked by other means.

>
> What other means are you thinking about? I am aware of key loggers and
> traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
> certificates).


Exactly. Keyloggers for one.

Then, the actual websites you visit can be prone to attack
themselves.

Man in the middle SSL attacks are possible as well, and not all
require intervention.

> I am quite new to this. I am beginning to wonder if using a public
> computer is safe at all.


It is not. Maybe if you boot your own OS, but even then there could
be a hardware key logger installed. You never know.

> Regardless, I am interesting in understanding how I can keep my
> private stuff private!


You'll want to start by not using public computers, I'm afraid.

--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Are SSL certificates and x.509 certificates the same? n33470 ASP .Net Web Services 0 12-14-2005 03:30 PM
403 Error Web App to Web App with Client Certificates Peter Sedman ASP .Net Security 18 11-18-2004 08:09 PM
RE: Web page is not available - "The Web page you requested is not available offline. To view this page, click Connect" =?Utf-8?B?VHJldm9yIEJlbmVkaWN0IFI=?= ASP .Net 0 06-07-2004 07:11 AM
Re: Web page is not available - "The Web page you requested is not available offline. To view this page, click Connect" Natty Gur ASP .Net 0 06-06-2004 05:46 AM
Self-issued certificates and commercial certificates. Lord Amoeba Computer Security 2 05-05-2004 01:40 PM



Advertisments