Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cyber Security Awareness tip #23 Using Browsers, SSL, Domain Names - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cyber Security Awareness tip #23 Using Browsers, SSL, Domain Names

Today's issue revolves around trust, implied, explicit, and undeserved. AKA the bad, the worse, and rather ugly. The question is, can a web server be trusted, and under what conditions? Can a web browser determine the trust value assigned to a web server, and what are the criteria for doing so? What reputation can be assigned to the URL based on IP address, SSL certificate, domain name or other parameters? What is the paradigm for using the Internet for business?

Please let us know your thoughts on the subject.

Update 1 our first example already! Irfanview is a popular graphic image viewer, and is free for personal use, available at its web site: http://www.irfanview.com/ interestingly enough other web sites seem to charge for the 'Pro' version. Are they legit? I'll leave that as an exercise for the reader. Thanks Curt for writing in.

Cheers,
Adrien de Beaupré
Bell Canada

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!