[ale] How to test your public internet connection for open ports

Michael B. Trausch mike at trausch.us
Fri Feb 11 02:17:30 EST 2011


On Thu, 2011-02-10 at 20:51 -0500, David Tomaschik wrote:
> 2.) Misleading descriptions of the implications of open ports.  If you
> run GRC's "Shields Up" with 443 open, you'll receive this message:
> "The presence of this secure web port in your system implies that this
> system is establishing secure connections with web browsers. The
> number one reason for doing this is the transmission of credit card
> information. This implies that the successful intruder could access
> the web server's credit card database and score bigtime. This is a
> VERY bad port to have open unless you are actually conducting secure
> web commerce!"

Seriously?

You know, it is things like this that give the government the idea that
it can be our daddy.  Because people can't be trusted to do things right
or not at all.  People can't be trusted to take advantage of the lack of
knowledge and/or experience of other people.  People suck.

>   There are a number of other uses of HTTPS, and implied in this
> message is that being compromised by HTTPS makes it easier for the
> attacker to gain access to the database than any other compromise,
> leading to users thinking that other open ports are "less important". 

I use SSL on things that don't strictly speaking need it because I value
privacy.  The message above sounds like an attempt to convince people
that security comes at the cost of privacy.  Oh, where have I heard that
before...?

	--- Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110211/346ccbdc/attachment.bin 


More information about the Ale mailing list