Dan Bale wrote:
Still, are there any examples of this type of
attack, and are they referred to as "man in the middle" attacks?  (Or was
that just a term you or David coined in this thread?)

It's a reasonably well known term in network security circles.
Which are the "bad" programs that don't notify you of the "dead bodies"?  Is
IE considered to be one of them?  Is it only browsers?  Or can it be
programs like Norton's Live Update, or other non-browser apps that go to the
internet?

Generally, I think it's only programs that retrieve arbitrary data from arbitrary sites (and have security holes) that are at risk. Live update connects to a single system (or defined set of systems) and downloads specific data.


You bring up a good point, David.  Why isn't all internet traffic
SSL-encrpyted nowadays?  Isn't the overhead a non-factor with today's
systems?

SSL is a lot of overhead ... and some systems are not powerful enough to use it on a regular basis. Plus, a web server that is hosting a SSL connection needs to have a certificate. Unless the web host is willing to put up with a self-signed certificate, it needs to be purchased (on an annual basis) from one of the SSL certificate authorities. That can be expensive.


david


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.