From: "Dr Balwinder Singh Dheeman"

| Proteus wrote:
>> I am told by people in charge at the campus where I teach that this login
>> page is secure, that the form login info (username, password) is secure
>> when sent. But the browser page (Firefox, Mandriva Linux) info says the
>> page is not encrypted, not secure. Can someone clarify how such a login
>> page can securely transmit the login info? Link to login page is below:
>> http://www.lsc.edu/Online/VirtualCampusLogin.cfm

|
| No, I don't think; you are sending clear text data via _http_ (port 80),
| where as URL's for secure pages send encrypted data via _https_ (http
| via ssl, port 443).
|
| You can verify/confirm it by capturing data on port 80 and, or 443 with
| help of tcpdump(8) and, or ethereal(1).
|

I just used Ethereal and the packet decode does show https (443) to 199.17.13.240

It shows "Client Key Exchange, Change Cipher Spec., Encrypted Handshake Message"

I couldn't see a Clear Text of my faux Username and Password

Looking at the HTML source I find...

https://lsc.ims.mnscu.edu/d2l/Tools/login/doLogin.asp" method="post"
name="processLogonForm">
   id="userName" name="userName" size="10"/>

for="password">Password:    size="10" type="password"/>

align="right">