From: Wolf K on
Someone wrote:
>>> I've always been led to believe that 'https' (padlocked) sites are safe
>>> to use,

Not so. It just means that messages exchanged between it and your
computer are encrypted. This makes the mutual messaging "safe" in the
sense that an outsider who intercepts the messages will be unable to
read them without some effort (usually more than the likely payoff is
worth.)

But the website itself may still be or contain evil.

cheers,
wolf k.
From: Peter Foldes on
Don't feed the Trolls especially this Troll

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

"Ant" <not(a)home.today> wrote in message
news:h9qdnS-erdygevzRnZ2dnUVZ8nmdnZ2d(a)brightview.co.uk...
> "~BD~" wrote:

From: ~BD~ on
Wolf K wrote:
> Someone wrote:
>>>> I've always been led to believe that 'https' (padlocked) sites are safe
>>>> to use,
>
> Not so. It just means that messages exchanged between it and your
> computer are encrypted. This makes the mutual messaging "safe" in the
> sense that an outsider who intercepts the messages will be unable to
> read them without some effort (usually more than the likely payoff is
> worth.)
>
> But the website itself may still be or contain evil.
>
> cheers,
> wolf k.

Thank you 'Wolf K' - your comment appreciated.
From: Ant on
"~BD~" wrote:

> Ant wrote:
>> "You have requested an encrypted page that contains some unencrypted
>> info...".
>>
>> That's true because the video link there is hosted on screencast.com
>> which is fetched by http rather than https.
>
> Thank you for explaining that. My real concern was that, perhaps,
> personal details, including credit card number, might be accessible by
> third parties.

Never mind 3rd parties, I wouldn't trust the site itself with details
like that.

> Btw, if you had physical access to a Windows machine, is there a simple
> check you could carry out to quickly determine if the machine had,
> indeed, been compromised? (other than scanning with anti-malware
> programmes).

No.


From: FromTheRafters on
"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:RoCdnRN8Ae0B1P_RnZ2dnUVZ8vGdnZ2d(a)bt.com...

[...]

> Btw, if you had physical access to a Windows machine, is there a
> simple check you could carry out to quickly determine if the machine
> had, indeed, been compromised? (other than scanning with anti-malware
> programmes).

Yes, but not very simple really. The problem is that you could *not*
determine that it had *not* been compromised. Most malware is going to
want to "do stuff" with the computing power it is stealing from you, if
it does that stuff - you know the machine has been compromised.

IOW, if it spews out malicious packets when you sufficiently emulate a
networking environment for it (or use a "test network"), that's a pretty
good indicator. However, If it doesn't do any obvious stuff, it doesn't
mean anything at all.