Web Page Certificates

Discussion in 'Computer Security' started by teabox, Jan 21, 2007.

  1. teabox

    teabox Guest

    I have been wondering how I can be sure, when more than one person uses
    a computer, if the web page certificates are authentic or not. How do
    I know that someone else didn't accept a bogus certificate?

    Thank!
    teabox, Jan 21, 2007
    #1
    1. Advertising

  2. teabox

    Todd H. Guest

    "teabox" <> writes:

    > I have been wondering how I can be sure, when more than one person uses
    > a computer, if the web page certificates are authentic or not. How do
    > I know that someone else didn't accept a bogus certificate?


    What operating system? What web browser? Do you have a separate
    account on that computer that no one else has access to?

    Also, it bears mentioning the obvious that just because a given web
    site has an SSL certificate, and you're seeing one that is attributed
    to them, doesn't mean your activities are safe and secure and that the
    information you provide them won't be cracked by other means.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jan 21, 2007
    #2
    1. Advertising

  3. teabox

    teabox Guest

    Todd H. wrote:
    > "teabox" <> writes:
    >
    > > I have been wondering how I can be sure, when more than one person uses
    > > a computer, if the web page certificates are authentic or not. How do
    > > I know that someone else didn't accept a bogus certificate?

    >
    > What operating system? What web browser? Do you have a separate
    > account on that computer that no one else has access to?
    >
    >
    > --
    > Todd H.
    > http://www.toddh.net/


    Todd,

    Thanks for you reply.

    I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.

    My computer at work does not have separate accounts, but even if I set
    one up others could certainly use the account from time to time.

    > Also, it bears mentioning the obvious that just because a given web
    > site has an SSL certificate, and you're seeing one that is attributed
    > to them, doesn't mean your activities are safe and secure and that the
    > information you provide them won't be cracked by other means.


    What other means are you thinking about? I am aware of key loggers and
    traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
    certificates).

    I am quite new to this. I am beginning to wonder if using a public
    computer is safe at all. Regardless, I am interesting in understanding
    how I can keep my private stuff private!

    Thanks,

    TB
    teabox, Jan 21, 2007
    #3
  4. teabox

    Todd H. Guest

    "teabox" <> writes:

    > Todd H. wrote:
    > > "teabox" <> writes:
    > >
    > > > I have been wondering how I can be sure, when more than one person uses
    > > > a computer, if the web page certificates are authentic or not. How do
    > > > I know that someone else didn't accept a bogus certificate?

    > >
    > > What operating system? What web browser? Do you have a separate
    > > account on that computer that no one else has access to?
    > >
    > >
    > > --
    > > Todd H.
    > > http://www.toddh.net/

    >
    > Todd,
    >
    > Thanks for you reply.
    >
    > I am using Windows XP, SP2. Firefox 2.01 and Internet Explorer 6.
    >
    > My computer at work does not have separate accounts, but even if I set
    > one up others could certainly use the account from time to time.
    >
    > > Also, it bears mentioning the obvious that just because a given web
    > > site has an SSL certificate, and you're seeing one that is attributed
    > > to them, doesn't mean your activities are safe and secure and that the
    > > information you provide them won't be cracked by other means.

    >
    > What other means are you thinking about? I am aware of key loggers and
    > traffic sniffing via programs like Cain and Abel(Cain uses fake SSL
    > certificates).


    Exactly. Keyloggers for one.

    Then, the actual websites you visit can be prone to attack
    themselves.

    Man in the middle SSL attacks are possible as well, and not all
    require intervention.

    > I am quite new to this. I am beginning to wonder if using a public
    > computer is safe at all.


    It is not. Maybe if you boot your own OS, but even then there could
    be a hardware key logger installed. You never know.

    > Regardless, I am interesting in understanding how I can keep my
    > private stuff private!


    You'll want to start by not using public computers, I'm afraid.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jan 21, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harry the Horse

    Web page has altered my home page in IE 5.5

    Harry the Horse, Jul 10, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    514
    sethra
    Jul 11, 2003
  2. Route 9w
    Replies:
    7
    Views:
    657
  3. Phil
    Replies:
    7
    Views:
    1,051
    Wyatt M. Portendt
    Mar 4, 2004
  4. Lord Amoeba

    Self-issued certificates and commercial certificates.

    Lord Amoeba, Apr 30, 2004, in forum: Computer Security
    Replies:
    2
    Views:
    887
    David W.E. Roberts
    May 5, 2004
  5. jw 1111

    web page sent as a link or as a page

    jw 1111, Apr 16, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    412
    Whiskers
    Apr 16, 2006
Loading...

Share This Page