For those that think ssl is secure ...or not

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Question For those that think ssl is secure ...or not

    Hello people,

    How secure is my SSL for browsing, with a live-in hacker with almost full access, without administrator privileges and no access to my setup on Windows XP Pro? I use a dial-up connection....

    Thanks fellows


    The Ram

  2. #2
    Not secure at all.

    It is a trivial matter to install a keylogger or rootkit if you have physical access to the machine.

    Although he/she may not be able to break the SSL, it is not difficult to intercept the data before it gets encrypted.


    What steps have you taken to secure local access to the machine?

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Re: For those that think ssl is secure ...or not

    Originally posted here by theram
    Hello people,

    How secure is my SSL for browsing, with a live-in hacker with almost full access, without administrator privileges and no access to my setup on Windows XP Pro? I use a dial-up connection....

    Thanks fellows


    The Ram
    You are asking the wrong question. It's nothing to do with the 'security of SSL'. It's all to do with the physical, logical, and social security of your computing environment.

    To quote/paraphrase Gene Spafford (again):
    "(SSL) Internet encryption is the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges."
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Zip, nadda, zilch.

    Physical access trumps everything.

  5. #5
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Does this have something to do with d0ppy moving in ? j/k
    Sorry man, couldn't resist that.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  6. #6
    Junior Member
    Join Date
    Mar 2006
    Posts
    7
    Originally posted here by Synja
    Not secure at all.

    It is a trivial matter to install a keylogger or rootkit if you have physical access to the machine.

    Although he/she may not be able to break the SSL, it is not difficult to intercept the data before it gets encrypted.


    What steps have you taken to secure local access to the machine?
    I will start with keyloggers... I installed an anti-keylogger that encrypts everything from the keyloggers and prevents them from taking snapshots of onscreen activities; it is one of the best. Well, I don't know what rootkits are, and I would like to learn what they are and how to prevent any damage from them. Other steps I have taken to secure the machine are to limit administrator rights to him, but the hacker enjoys booting in safe mode these days... Also, I have installed my main browser in a new Windows XP encrypted folder that no one but me has access to or even knows where it is. I don't know if the data can be intercepted in this kind of environment.
    You are asking the wrong question. It's nothing to do with the 'security of SSL'. It's all to do with the physical, logical, and social security of your computing environment.
    What more can I do to secure this environment in light of the fact that it is almost impossible at the moment to secure the social aspect... ...Experts, I wouldn't want to go on about the social aspect, it is just not possible. If as an expert you find yourself in this kind of situation, how would you help yourself without touching the social aspect?

    Zip, nadda, zilch.

    Physical access trumps everything.

    Surely there must be a way somehow... "If you can break through, certainly there is a way to prevent you from breaking through" LOGIC and computers

  7. #7
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Use Knoppix and run the computer off your CD. Save everything to a thumbdrive. Live CD's are the most secure way to go in my book. No harddrive to write to. If by some chance you get infected in some session, reboot and it's gone. Of course, that's the downside too. You're not goin' to have much fun installing new software.

    Physical access trumps everything.
    I've used live CD's in a corporate environment on a very limited basis and I don't think the admins had any idea I was there. The only keylogger that will get you using a live CD is a hardware keylogger (KeyKatcher).
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    Use Knoppix and run the computer off your CD. Save everything to a thumbdrive. Live CD's are the most secure way to go in my book. No harddrive to write to. If by some chance you get infected in some session, reboot and it's gone. Of course, that's the downside too. You're not goin' to have much fun installing new software.



    I've used live CD's in a corporate environment on a very limited basis and I don't think the admins had any idea I was there. The only keylogger that will get you using a live CD is a hardware keylogger (KeyKatcher).
    There's a rather large problem with this... It's a great idea if you're using a public computer that you don't know what's happened with it... but if you use this as your "security" on your own PC... why bother owning a PC? You lose speed, you lose the benefits of an installed OS... it doesn't make sense to use a Live CD for all your computing at home because you don't trust someone in the house... This just increases the mistrust in my opinion. You now have a bootable device on your PC that isn't the hard drive... If there's any mistrust in the building... The only device the computer is capable of booting off of should be the HDD and even that should require a password... The case should also be locked shut to prevent tampering with the jumpers... However booting off a CD is just asking for the PC to be left open to tampering..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Well, first, any multi-user machine is essentially a public computer. Especially a Windows machine and its penchant for infections. Run a live cd on the family computer and you got a whole new machine. It could be laden with viruses, but that won't affect Knoppix. Trust isn't your issue anymore, it's someone else's.

    Sure, you lose speed. You always lose speed in making a computer more secure. McAfee, Norton's, they slow a computer, too. Most PC's are set by default now to boot from the cd.

    Why bother owning a computer? That's a strange question. You still need a computer to run the cds, yes?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    Well, first, any multi-user machine is essentially a public computer. Especially a Windows machine and its penchant for infections. Run a live cd on the family computer and you got a whole new machine. It could be laden with viruses, but that won't affect Knoppix. Trust isn't your issue anymore, it's someone else's.
    I'm not sure I follow this.. my machine is multi-user and definitely not a public computer.. a public computer would be in a coffee shop, cyber cafe or library... not the family room... Why'd you have to throw a jab at Windows in there??? Did you know that Ubuntu ships with more listening services than Windows... and as I've said... I know many users who've never had a problem with Windows and an infection... Yes you have a whole new machine... but you've lost the use of your hard drive.. You've lost running the latest and greatest drives... you've lost upgrading vulnerable software.. I'm not sure I see the gains.

    Sure, you lose speed. You always lose speed in making a computer more secure. McAfee, Norton's, they slow a computer, too. Most PC's are set by default now to boot from the cd.
    I'm not sure about you... but I've lost no speed securing my computer.. McAfee and Norton may increase RAM usage... but I never told him to use those... I'd never tell any self respecting person to use those. Also what does a PC being set to boot from CD by default have to do?? It's no problem to turn it off in order to secure the machine... Again it's not going to slow the computer (which you seem to think securing a computer will do... in fact it will increase boot time because it's one less device that has to be looked at).

    Why bother owning a computer? That's a strange question. You still need a computer to run the cds, yes?
    If you're that paranoid that you run a boot CD on your family computer you're losing every convenience that a PC is meant to offer... so at that point.. there isn't much sense in owning your own

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
