Re: [PCTECH] Need firewall protection,

[David Gibbs <david@xxxxxxxxxxxx>]

Dan Bale wrote:
> Still, are there any examples of this type of
> attack, and are they referred to as "man in the middle" attacks?  (Or was
> that just a term you or David coined in this thread?)

It's a reasonably well known term in network security circles.
> Which are the "bad" programs that don't notify you of the "dead bodies"?  Is
> IE considered to be one of them?  Is it only browsers?  Or can it be
> programs like Norton's Live Update, or other non-browser apps that go to the
> internet?

Generally, I think it's only programs that retrieve arbitrary data from 
arbitrary sites (and have security holes) that are at risk.  Live update 
connects to a single system (or defined set of systems) and downloads 
specific data.

> You bring up a good point, David.  Why isn't all internet traffic
> SSL-encrpyted nowadays?  Isn't the overhead a non-factor with today's
> systems?

SSL is a lot of overhead ... and some systems are not powerful enough to 
use it on a regular basis.  Plus, a web server that is hosting a SSL 
connection needs to have a certificate.  Unless the web host is willing 
to put up with a self-signed certificate, it needs to be purchased (on 
an annual basis) from one of the SSL certificate authorities.  That can 
be expensive.

david