Can a hotspot be set up as a honey pot that can infiltrate computers despite users using SSL for critical data transfers?
Seems to me a hotspot could inject viruses, trojans or worms though a man in the middle attack, take control of your computer and fork SSL connections through their computers? Unless ALL of your traffic is encrypted I think there is a big risk using hotspots or am I wrong?
No. They would need to have successfully forged the SSL certificate of the destination server. That's not going to happen unless the user elects to ignore certificate errors.
There is a risk with badly designed web pages. It is possible to view a mix of encrypted and unencrypted components of a web page. You'll see an error message something like "You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party." The way around this is to force ALL such traffic to be SSL encrypted.
SSL is one way. There's no way anything can be "injected" backwards into your computah.
With SSL, all the traffic is encrypted.
Well there are other ways that an attacker can end up with forged certificates - just ask Comodo and DigiNotar.
Hey they're working on it:
Spoof router, or set up as "repeater", or receive-alter-reissue certificate. And many, many sites, such as Yahoo mail and Gmail either only do secure during login or insecurely implemented secure login and mix in unsecure data on secure pages whether you say no or not...it got transmitted even if not displayed.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.