On 8/2/2010 8:56 AM, Istace Emmanuel wrote:
> " Should I be worried about banking transactions or credit card orders?"
> Yeah :(
>
> " You could use any kind of VPN you want with the remote site. Use an IPSEC
> tunnel between hosts if you don't trust SSL. Or OpenVPN with blowfish."
> No, because the SVN is on a SaaS cloud, so we just have access to the
> service and not the system. So we can't install a VPN server and remember,
> vpn and ipsec use SSL. Search on google about SSL Spoofing ;)
Can you point me to something specific? I see things about spoofing
some other site's certificate and some things about specific
implementations being subject to man-in-the-middle attacks but nothing
that looks like a generic weakness. If you are concerned about your
service provider (who would have the best opportunity to arrange a
man-in-the-middle connection), maybe you should use someone else - or a
service that lets you run your own system images where you could set up
a blowfish-based vpn.
--
Les Mikesell
lesmikesell_at_gmail.com
Received on 2010-08-02 17:07:51 CEST