Re: Is this REALLY a secure site?

From: Steve N. (Steve_N_at_nunya.biz.nes)
Date: 01/12/05 

Date: Tue, 11 Jan 2005 16:19:15 -0800

Rick Merrill wrote:

> Steve N. wrote:
> ...
>
>> How can anyone really know if an SSL or HTTPS connection is truly
>> secure? Because someone said it is? Even if it is theoretically secure
>> what's to prevent some creep on the other end from swiping your bank
>> info anyway?
>
>
> That is true of creeps behind the gasoline pump too isn't it!?

Yep. I now pay in cash or postal money orders. No checks. No cards. No
fees. No problems.

> The
> human factor is WAY more important than the technology factor. It is
> much easier to glom onto credit card rubbings than it is to sniff
> out packets of information scattered around the internet :-)

Hard to find good help I guess. But in the case of online ID theft when
using bona-fide secure sites you'd think that the employers would screen
or hire bondable emplyees in the first place. Not that this would
prevent a screened and bonded employee from stealing, but I'd think it
would help glean out most of the riff-raff.

What I found to be most interesting in the case I suffered was that a
major credit card company wound up making the authorization against my
account and I didn't even have a credit card nor ever had done business
with that firm. Of course the creep on the other end of the wire
probably punched in the right numbers and the company followed standard
procedure. I still ultimately blame the bank, though.

>
> The tip off to bogus sites is nOt https vs http but whether the
> site uses a numerical IP address: those are always bogus.

Intersting. We frequently access a state public education testing site
that uses numerical addressing and it is definitely not bogus. Curious,
why would you make that distinction? I mean what do you base this upon?

Thanks,
Steve

Relevant Pages

  • Re: A single page from an existing application under SSL?
    ... If you're using forms authentication over HTTP, ... cookie over HTTPS). ... Since credit card submission would take place after ... a certificate for the "secure" version of the site address, ...
    (microsoft.public.dotnet.security)
  • Re: First Time Wireless User
    ... >> You know I've never been asked for my credit card number by a site that ... >> wasn't using secure socket layer that I would even remotely ... always https before requesting my password. ... >> you think are happening in public hotspots etc. ...
    (alt.internet.wireless)
  • Re: secure without the https???
    ... >the browser showed that I was accessing a secure location (https and padlock ... name or credit card number, ... Secure pages (SSL) presents something of a false sense of security; ...
    (alt.computer.security)
  • Re: A single page from an existing application under SSL?
    ... Is it the case then that I could have set the web site up to be both secure ... > information protected by the login is therefore available to anyone who can ... > cookie over HTTPS). ... Since credit card submission would take place after ...
    (microsoft.public.dotnet.security)
  • Re: Form posting to other and sending email
    ... that is the way it usually is but this is a special secure provider. ... > forwards an email with the booking info and prompts to log in and retrieve ... > the credit card info. ...
    (microsoft.public.frontpage.client)