Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: keyloggers? - dont doit

from [Antoine Martin] Network Security [Permanent Link]
Subject: Re: keyloggers? - dont doit
Date: Wed, 06 Apr 2005 20:11:42 +0100 
On Wed, 2005-04-06 at 05:23 -0700, Alvin Oga wrote:

hi ya


You've asked for best practice when accessing your online bank from an
Internet Cafe ? Here it is:
Don't.


dont do it .. even if it is using https .. ssl can be broken
      - anything sent over the internet is sniffable from 
      anywhere in the world

from anywhere in the world? you mean any host along the route if you
have full access to it, not quite the same. and with https... see below


      - even if its your own laptop at the cafe, you do not
      know what other spyware and sniffing hardware toys they
      have on their network

Who cares? If you trust your laptop and use https, I don't see how any
sniffer is ever going to get anything out of the data streams.
Now AFAIK, session riding is near-impossible with https and as long as
the authenticity of the https site can be checked by the authorities on
the laptop's browser software, you're fine, you're not relying on any of
the cafe's infrastructure to authenticate the other end of your
encrypted connection.

      touch screens and usb will not help, as the end result
      is still sent the same ole fashion way on the ethernet cables

if it's sent through https (on your own laptop), it doesn't matter.
encryption occurs before it enters the wire.

Antoine


- but if yu dont like to be told/recommended, don't do it,
  please try it and see how long it takes before someone
  empties your bank acct

c ya
alvin
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: keyloggers? - dont doit, Kyle Maxwell
Next by Date:  RE: Phishing scam using Microsoft name, Michael Howard
Previous by Thread:  Re: keyloggers? - dont doit, Kyle Maxwell
Next by Thread:  Re: keyloggers?, Michael Silk
Indexes:  [Date] [Thread] [Top] [All Lists]