• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.


Security on HTTPS web sites

Page history last edited by Paul G. Taylor 11 years, 4 months ago


Visual proof of being on the right secure web site.


One way to ensure that you don't get caught that way is to ensure that you are connected to an HTTPS session and that your browser verifies the identity of the host. I read an interesting article that discusses this and gives a tip on making it work in a way that is more easily visually verified in Firefox.

http://www.h-online.com/security/The-right-way-to-handle-encryption-with-Firefox-3--/features/112797]Firefox and security certificates

The right way to handle encryption with Firefox 3

by J├╝rgen Schmidt

He describes how to make Firefox display fully the name and favicon of an HTTPS site, using 'about:config' in the address bar, then typing in 'browser.identity.ssl_domain_display' and changing the value from the default of 0 to 1.

Here is the difference in the display in the address bar : --

browser.identity.ssl_domain_display set to 0 [default]

browser.identity.ssl_domain_display set to 1

Kind of subtle difference, eh? But with a trained eye it just could save you being taken in by a phishing web site.

Hope that helps somebody, sometime to avoid being taken in.



How to obfusticate the inputting of a password in an insecure situation.

Also, if you have to put in a password, under suspicious circumstances, you could try this method : --

[quote][url=http://en.wikipedia.org/wiki/Keystroke_logging#Remote_access_software_keyloggers]Non-technological methods[/url]

Some keyloggers can be fooled by alternating between typing the login credentials and typing characters somewhere else in the focus window.[10] Similarly, a user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order e.g. by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. Lastly, someone can also use context menus to remove, copy, cut and paste parts of the typed text without using the keyboard.

Another very similar technique utilizes the fact that any selected text portion is replaced by the next key typed. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd".[/quote]


Comments (0)

You don't have permission to comment on this page.