Jump to content

Wouldn't any web encryption be breakable?


Recommended Posts

If the target/victim computer can, for example, connect to an HTTPS site just by pointing their browser there, what is stopping it being cracked? If the target/victim can decode the reply from the server, why can't a man-in-the-middle? If you have every packet sent and every packet recieved, you have everything the target/victim used to display the final web page, downloaded file, banking information, etc.

Link to comment
Share on other sites

The only thing stopping a MITM attack from working with a browser is the verification the browser does in order to determine if the certificate is from a trusted source. The result of this if the certificate cannot be validated is a popup saying "this certificate is not valid/is from untrusted source". In firefox 3.5 it's very awkward to get past this message as you have to expand the "yes I know what I'm doing" drop down then explicitly add an exception. Not sure what IE does, used to be a simple "Are you sure? Yes/no" (as did firefox at some point a while ago) box.

You can find out what happens in your current browser by going here: https://getdropbox.com/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...