In <[🔎] pan.2011.01.01.18.04.30@gmail.com>, Camaleón wrote: >On Sat, 01 Jan 2011 03:46:09 -0800, S Mathias wrote: >> KB SSL Enforcer >> https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddck >> of?hl=en >> >> so i could browse the net safer [i mean webserver <-> me] with using >> https, if available. > >Do you feel "safer" just for browsing the web using "https"? Sure, >your data is encrypted but the server you are contacting can have >been compromised and you still can be hosed >:-) > >What I want to say is that security is _not just_ encryption. That's why SSL also does identity verification. There has to be a trust chain between you and the remote site certificate. (In fact, without this, the encryption is mostly useless since an MITM attack is available.) Using HTTPS where possible /is/ *safer*, than not doing so, but it doesn't protect you from all threats. In particular, if Facebook (etc.) stores your private information and then later gets "pwned" by crackers, the crackers will have access to that data. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.