Hotspot Security, How safe is SSL?

Can a hotspot be set up as a honey pot that can infiltrate computers despite users using SSL for critical data transfers?

Seems to me a hotspot could inject viruses, trojans or worms though a man in the middle attack, take control of your computer and fork SSL connections through their computers? Unless ALL of your traffic is encrypted I think there is a big risk using hotspots or am I wrong?

Reply to
Loading thread data ...

No. They would need to have successfully forged the SSL certificate of the destination server. That's not going to happen unless the user elects to ignore certificate errors.

There is a risk with badly designed web pages. It is possible to view a mix of encrypted and unencrypted components of a web page. You'll see an error message something like "You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party." The way around this is to force ALL such traffic to be SSL encrypted.

SSL is one way. There's no way anything can be "injected" backwards into your computah.

With SSL, all the traffic is encrypted.

Reply to
Jeff Liebermann

Well there are other ways that an attacker can end up with forged certificates - just ask Comodo and DigiNotar.

formatting link
Just have a look at how many Certificate Authorities you "trust" in your browser. How many of those authorities that you supposedly trust have you even heard of?

Hey they're working on it:

formatting link

Reply to

Spoof router, or set up as "repeater", or receive-alter-reissue certificate. And many, many sites, such as Yahoo mail and Gmail either only do secure during login or insecurely implemented secure login and mix in unsecure data on secure pages whether you say no or got transmitted even if not displayed.

Reply to
none Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.