Generally, no.

If you are communicating via HTTPS and using SSL v3, you have enough safety to conduct electronic transactions. Anybody using a packet sniffer will not have enough computing resources to decrypt the traffic between you and the end point.

However, that's just the HTTPS session (which happens over port 443 usually, and not port 80). That doesn't mean your computer/iPhone/whatever isn't vulnerable.


There is a UNIX utility called nmap you can run against an IP address to see exactly what a computer or device has exposed to the internet.


For example.... I ran a scan on www.phillyblog.com and got this info, which is rather troubling:

eastchestnut@UNIX:~> nmap www.phillyblog.com

Starting Nmap 4.20 ( http://insecure.org ) at 2008-05-15 06:36 EDT
Interesting ports on 69.36.15.196:
Not shown: 1679 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
26/tcp open unknown
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
179/tcp filtered bgp
443/tcp open https
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
1720/tcp filtered H.323/Q.931
2605/tcp filtered bgpd
3000/tcp open ppp
3001/tcp open nessusd
3306/tcp open mysql


It looks like the Phillyblog server is exposing the MySQL database communication port to the outside world. Hopefully MySQL is patched up to the highest level here. Normally, I wouldn't leave my database server out in the open. I also see PB is running as a mail exchange, has FTP exposed (hope that daemon is patched up, too), and for some reason, a webcam/conferencing port is also open (the H.323).


Hummmmmmmmmm............

__________________
Buh-bye.