Re: Re: Secure Intranet?

["Byron Kennedy" <snail945 () yahoo com>]

forgive me, i'm not following you.  i find the words "some" and  "fairly
trivial" difficult to put my hands around.

Most of the security/web engineers I know who work for large banks
demonstrate a genuine interest in protecting customer's data as well as an
intimate understanding of what would happen (to the institution as a going
concern) if their sites are hacked and data is compromised as a result.
Perception is reality.

What factual data do you have - demonstrating examples of where https was
exploited, data was compromised and losses realized?

----- Original Message -----
From: <Danny.Carroll () mail ing nl>
To: <security-basics () security-focus com>
Sent: Tuesday, November 05, 2002 10:14 PM
Subject: RE: Re: Secure Intranet?


> > If HTTPS is not secure enough, than why do banks use them?  Just
> > wondering...

Because *most* people see the litle padlock in the status bar and think that
it's secure.
So the banks humour them.

On the other hand it *does* provide some, if not fairly trivial security.

-D
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------