Does anyone actually really think that they need to use SSL? Or do they just add it because people who do not know will think “where’s my little lock icon? this is insecure!” if it’s not there?

Have there ever been any occasions when someone lifted a password or credit card number off the wire rather than just owning the end machine and nicking all its credit card numbers?

Update: topic covered eloquently and in better detail in ”What’s Your Threat Model?

I'm currently available for hire, to help you plan, architect, and build new systems, and for technical writing and articles. You can take a look at some projects I've worked on and some of my writing. If you'd like to talk about your upcoming project, do get in touch.

More in the discussion (powered by webmentions)

  • (no mentions, yet.)