| Source
Kinda funny, from Bruce Schneier, Counterpane Internet Security: "SSL protects the communications link between you and the Web" server, he said. "Nobody bothers eavesdropping on the communications while it is in transit."
Umm, no. Trust me. As a hacker, one of the FIRST things we learned for cracking secure systems was to get onto the network and perform promiscuous packet sniffing of data in transit to obtain passwords that would grant access to systems. And that was almost ten years ago. That's why SSL came around in the first place. If you present the opportunity to obtain sensitive data while it is in transit, someone will take it, rest assured. This was a blatently stupid remark from a supposed "Internet Security" specialist. | |
