how secure are https sites over wireless at a public library ?

if I type in a password over a https site at the library wireless network , how easy would it be for someone to get my password ?

Reply to
surf
Loading thread data ...

Impossible.

https connections are SSL secured between you and the web server and anybody intercepting the communication would be unable to decrypt the data so you can use a public hotspot to go on secure sites (though make sure it is actually secure as people can hijack routers and serve up a fake but non-secure version of PayPal).

formatting link
formatting link

Reply to
hackman_3vilGuy

Not quite.

In general yes I agree with your sentiment that it's secure but SSL is susceptible to a man in the middle attack. The OP would need to ensure that the certificate matched that of the site and was thus the correct certificate.

Second and yes i'm being picky here, the SSL is not necessarily between client and web server. The chain can be broken. For example with Microsoft ISA server, it's common practice to import the web servers certificate into ISA server since it's actually ISA server that's publishing the web site. It can be the same or a different or no certificate at all used between ISA and the actual web server.

In other words, depending on the configuration of the site, the SSL session exists between the client and the public facing server, the internal communications between the ISA server and web server can be normal HTTP and thus available for sniffing on the internal LAN. Accepted this is not where the major thread would be expected and it would be a poorly configured system but it can be set up this way.

David.

Reply to
David Taylor

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.