infp - 9:44 pm on Jul 31, 2008 (gmt 0)

I thought the topic was "How Safe is SSL from MITM (Man In The Middle) Attacks".

The attacks you mentioned, however, are not attacks on SSL connections. The first attack assumes that the user starts browsing a non-SSL URL that takes him to an incorrect URL. This is not an attack on SSL. The desired SSL connection does not exist (with respect to our topic, you have nothing to attack).

The other attacks are not attacks on SSL but exploitation of ignorance of users and their inability to use SSL. This does not mean that SSL cannot protect against MITM attacks (it means that not all people can use SSL).

SSL doesn't prevent anything except stopping you from decoding the conversation

SSL protects:

- The authenticity of the data (you know where/who it came from).

- Confidentiality of the data (nobody knows what you are receiving/sending).

- Integrity (alteration of data by MITM produces random garbage instead of meaningful changes and the alteration is detected).