Re: [NF] Clarification on web security

Author: Ken Dibble

Posted: 2014-07-30 at 10:40:40

>Your client needs to update their workstations to a better operating

>system. ALL operating systems are better than Windows XP.

>

>Right now, they are in danger of a "Zero Day" attack that can compromise

>their Windows XP machines, and once a foothold in their network is

>established, potentially contaminate every machine on that network, and

>every network that network connects to.

With all due respect, FUD.

This claim has been made for over a year. Something like 30% of OSes were

still XP a year or so ago, and supposedly the day after MS stopped

"support" the world was going to come to an end with a massive zero-day

attack. So far, no fire to go with all the smoke.

There was one issue discovered with *IE* on Windows XP, not the OS itself,

and MS issued a patch even though XP is no longer "supported". If that

happens again, I bet they do it again.

Again, the older your OS is, the less likely it is an actual target for

real, not theoretical, malware that is actually in circulation today.

>As for SSL, (https in the browser, sometimes a little padlock) all that

>does is ensure that an encrypted connection exists between the two

>endpoints of the client application (browser) and the destination (web

>application). This simply ensures that anyone who can see that network

>stream of data ("a man in the middle") cannot read the data. However, if

>the browser endpoint is compromised, all the data going over that

>connection could be read, monitored, stolen or altered.

SSL certificates are a form of blackmail. You pay in order to get somebody

to issue an opinion that your encryption is good. That does not mean your

encryption is not good if you don't pay to get the certificate.

Ken Dibble

www.stic-cil.org

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox

OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/5.2.1.1.1.20140730113504.01efbb30@POP-Server.stny.rr.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2014 Ken Dibble