[cryptography] Newbie Question

Marsh Ray marsh at extendedsubset.com
Fri Dec 2 00:40:10 EST 2011

On 12/01/2011 11:11 PM, Sampo Syreeni wrote:
> On 2011-12-01, Randall Webmail wrote:
>> I am an almost-complete greenie WRT crypto, which is why I'm here
>> to learn.
>> What is the proper thing to do when one of those things pops up?
>> (It is NOT a rare event).
> They mostly mean you no harm.

You don't know that.

For all we know, Randall Webmail is someone who posted something
derogatory about the King or El Presidente and when the Honor Police get
on his Facebook they're going to round up all his friends along with him.

Or he's sitting comfortably in his quiet suburban home and he happens to
have one of the estimated 1M home routers that are pwned or 1M PCs with
the dnschanger trojan and his banking session is being redirected to a 
hostile server.

> So just accept/except.

This is not good advice.

> But always bear in mind that it *could* be a man-in-the-middle
> attack.

All legitimate secure sites have a valid certificate, or the site is 
horribly broken.

If you ask for a secure site, and are presented with a certificate that 
was not issued to the legitimate site, it *is* a man-in-the-middle 
attack, by definition.

Just because you're staying in a hotel does not mean that you must allow 
that hotel to intercept your secure communications. Furthermore, you 
probably have no way of knowing that it even is the hotel that's 
intercepting you. Hotel networks are not known for themselves being 
secure, and authentication systems tend not to degrade gracefully.

- Marsh

