Category: 
May 25, 2009Hacker groups have reported that man-in-the-middle attacks can be used to strip away the benefits of SSL security when transacting online. However, says the inventor of SSL, these are a browser problem and, moreso, theyre not so black and white.
About!
Stopping people from slumping over their keyboards dead since 2008!
More...Subscribe
-
Recent Comments
- Friday Drama – Meet Suicide 2.0 and start over literally :Mama ASID's E N T R E P O D on Obliterate All Your Social Media Accounts
- Is it smart to use DropBox for backups? | Be Redundant! on JungleDisk: Amazon S3 For Windows, Mac & Linux
- Debian Startup Scripts on Looking for Blackberry OTA Backup Solutions
- February 2010 Price list BlackBerry, iPhone, PDA O2, Dopod, HTC Touch, and SmartPhones | Harga Ponsel Online Indonesia, complete info, mobile phone price list, up to date, and free download software on Looking for Blackberry OTA Backup Solutions
- Freelance Tips | Jeremy Wheat on Top 4 Web Apps I Cannot Live Without
Archives
Tags
Add new tag batchbook bell blackberry Canada cell phone code weavers Comma-separated values crm CSS Database Data Formats email Facebook fastmail fax firefox flash freshbooks GoGrid google google gadgets highrise Internet Konqueror lazy Linux Mobile phone MySQL nokia 770 Open Source Operating system paypal pda php Server Spam telephone telus toll free ubuntu VMware widgets Windows WordPress
-
Categories
-
Recent Articles
- Adobe Reader Cannot Send PDF’s via Email
- Data Scoring and Massive Data Matches
- reCaptcha – Help Digitize the World
- Load a CSV File into MySQL Using LOAD DATA INFILE
- How to Change a Column Definition in MySQL
- How to Select Fields for Indexing in a Database Table
- What Does “Unlocking” a Cell Phone Mean?
- Looking for Blackberry OTA Backup Solutions
- JungleDisk: Amazon S3 For Windows, Mac & Linux
- GoGrid: Instant Servers and Cloud Storage
-
Meta
designed by: Website Templates for Top WP Themes
1 person has left a comment
It’s no doubt a browser issue since users come to SSL by either clicking on a link or getting redirected, both of those spots are highly vulnerable to attack.
So there you have the “fake page” loaded up, misleading the user to think they’re on a legitimate, secure page, when in fact they are not. It does nothing to directly compromise the encryption, and it’s based entirely around user error.
The fix: educated users to recognize phishing, scam sites, etc. and on the other side employ more robust encryption via EV SSL, where it’s near impossible to recreate a Man-in-the-Middle attack (spoofing the green url bar or extended validation credentials)