How secure is SSL actually?

Question

How secure is SSL actually?

The other day, I noticed that if I started IEInspector HttpAnalyser and captured the data after entering my bank account or amazon account, these messages display my username and password in the box. This is a bit of a concern. Does anyone know at what point SSL encryption occurs? I assume this means that any software installed on your computer could potentially access this post-data. Very scary.

+3

security ssl

Andrew Feb 11 '10 at 9:09

source share

6 answers

Secure Socket Layer - encrypts data through a socket (network / internet) NOT on your local machine.

+7

Robin day Feb 11 '10 at 9:11

source share

SSL " ". , ( SSL, , - http://twit.tv/sn223).

, . SSL . , keylogging...

+2

Guillaume 11 . '10 9:14

SSL .

, Thilo - IEInspector, , IE, . , , SSL .

, , , Wireshark . , , .

+2

Paolo 11 . '10 9:21

SSL, uid/pwd . , SSL - . , - , TLS 1.0 (TLS IETF SSL)

- SSL? , , , / ciphersuites, 40- 56- RC4 DES, MD4 ..

SSL , , .

As a concluding remark. SSL is generally better than anything you could design :)

greetings michael

+1

Michael Howard-MSFT Feb 11 '10 at 10:31

source share

SSL encryption will certainly happen before you get on the network. A sniffer packet cannot receive the contents of a request or response.

Does IEInspector go inside IE (as a plugin)? In this case, it can probably do some pretty nasty things (but you agreed to it when you installed it).

0

Thilo Feb 11 '10 at 9:14

source share

Hassan syed · Accepted Answer · 2010-02-11T09:12:17+0000

Thing is built into your browser! A browser is an object that encrypts text, so it will have copies of both encrypted and unencrypted text. The plugin you specified has access to everything IE does.

If you want a true idea of what is going on, use wireshark . This will read the actual network traffic output by your browser.

How secure is SSL actually?

More articles: