No, Art, you're not splitting hairs. There is absolutely a difference between the server being secure vs the browsing session being secure.
Sean Rector, MCSE

-----Original Message-----
From: Art DeKneef [mailto:[email protected]]
Sent: Thursday, June 23, 2011 3:16 PM
To: NT System Admin Issues
Subject: RE: Cyberattack of the day...

You're comparing two different things here. Granted most people wouldn't know the difference. You say Verisign and others have indoctrinated us to the "fact" that an SSL encrypted website is "secure". I checked and they all seem to say "sessions" and not websites. Your post below mentions session so I'm confused if you are talking about the same thing or two different things. Kevin was talking about the server.

Granted I'm probably splitting hairs, but too many people assume the two are the same because most vendors do not explain the difference. IMHO. If we do not explain the difference and use the correct terminology, who will.

-----Original Message-----
From: John Aldrich [mailto:[email protected]]
Sent: Thursday, June 23, 2011 11:08 AM
To: NT System Admin Issues
Subject: RE: Cyberattack of the day...

Well, sorta. My point is that it has been drummed into people's heads by Verisign and everyone else that "if you see that little padlock, your session is secure." Now, how is that NOT indoctrinating everyone that it's "secure"?

-----Original Message-----
From: Joseph Heaton [mailto:[email protected]]
Sent: Thursday, June 23, 2011 1:11 PM
To: NT System Admin Issues
Subject: RE: Cyberattack of the day...

Please tell me this is a sarcastic post...

>>> John Aldrich <[email protected]> 06/23/11 9:51 AM >>>

I'm pretty sure that Verisign and the browser folks have done a very good job indoctrinating us with the "fact" that an SSL-encrypted website is "secure." Matter of fact, I think Verisign's marketing info uses the phrase "secure your website." So, if everyone from Microsoft to "security experts" and banks, etc are all saying "secure" why wouldn't people, including people in IT, believe that SSL==secure?
From: Kevin Lundy [mailto:[email protected]]
Sent: Thursday, June 23, 2011 12:44 PM
To: NT System Admin Issues
Subject: Re: Cyberattack of the day...

I'm constantly amazed at the number of people, including some in IT, who think SSL means the server is secure. I haven't seen this myself, but I wouldn't be surprised if some phishing attacks use SSL just to leverage that misconception.

On Thu, Jun 23, 2011 at 11:53 AM, Ben Scott <[email protected]> wrote:

On Thu, Jun 23, 2011 at 11:35 AM, Joseph Heaton <[email protected]> wrote:
>> SSL certs are already near-worthless, unfortunately.
>
> So what do you do to "secure" your website? If not certs, then what?

I didn't say I had a better solution. That doesn't prevent me from recognizing the problem.

"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." (Eugene "spaf" Spafford)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

Information Technology Manager
Virginia Opera Association
E-Mail: [email protected]
Phone: (757) 213-4548 (direct line)
