Chris Penn wrote:
SSL is safe, as long as you don't accidentally accept a bad cert. I was accepting a cert for pidgin when I accidentally just hit enter for a cert that pop up as I was booting up on the local lan at its a grind. While pidgin was loading I had Firefox loading as well which was logging in to gmail. When that happens, ssl is working fine, but no longer matters.
Also, when this happens, you're not sending your traffic to, say, the wireless router in the coffee shop, you're sending it to someone else's laptop (thanks to ARP spoofing). As soon as that happens, the ssl cert (or whatever) breaks and you're prompted to confirm the change...which Chris inadvertently did.
