PerlMonks
Re: Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions
by hardburn (Abbot) on Nov 10, 2003 at 14:56 UTC
While we're bothering to educate users, why not explode the "Must Have Encryption on Credit Card Numbers" myth? For a random person on the Internet, sniffing traffic to get credit card numbers (even if everything was sent in cleartext) is difficult, and doesn't get a very large reward. You'll have to get a machine physically on the network of a router, grab all the traffic (which could be well into gigabytes per day, or even per hour), and analyze all of it for CC nums.

Consider that many companies store the credit card on a machine sitting just outside their main firewall. There could be thousands of CC nums sitting on one of these machines at any one time. Compared to traffic sniffing, cracking into those boxes is often piss-easy (just wait for the next OpenSSH or Windows bug to come along--shouldn't take too long in either case). Those boxes are your main point of security failure, not SSL.

----
: () { :|:& };:
Note: All code is untested, unless otherwise stated