Security Basics mailing list archives
Re: Web Traffic Security and Eavesdropping
From: mojorising <moj0rising () aim com>
Date: Mon, 17 Nov 2008 15:53:18 -0800
Cool, cool. This makes a lot of sense. I've got a pretty solid understanding of it now. Thanks again, everyone. Mike 2008/11/17 Shreyas Zare <shreyas () technitium com>:
Hi, I would just say that a determined person can do anything. The simplest way can be to get into the same network by getting hold of a single compromised machine and then just sniff for the data. The BGP attack is quite possible but in practice how guaranteed the attack is a question. Still, the point is it can be carried out from any node on the internet that makes it dangerous. Regards, On Sun, Nov 16, 2008 at 4:19 PM, Adam Pal <pal_adam () gmx net> wrote:Hello Mike, My feeling is that you are both right, the one who asked you how it is possible and you. It is not possible when the attacker is not on the same virtual path (lets say path instead network) but the attacker has -as the wired-article describes- the possibility to bring himself on the path for instance by modifying the route (BGP). As you see, the answer to your question is no. You cannot pick up any information from a flow you are not connected to somehow. The webserver doesnt see all the information, it sees all information delivered to it once he is a part of the virtual path the information took. -- Best regards, Adam Pal-- ("Relax, its only ONES and ZEROS !") Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Join Sci-Tech News group and get the latest science & technology news in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news to join.
Current thread:
- Web Traffic Security and Eavesdropping mojorising (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 12)
- RE: Web Traffic Security and Eavesdropping David Crandell (Nov 12)
- Re: Web Traffic Security and Eavesdropping Jorge L. Vazquez (Nov 12)
- Re: Web Traffic Security and Eavesdropping mojorising (Nov 12)
- RE: Web Traffic Security and Eavesdropping Nick Vaernhoej (Nov 12)
- RE: Web Traffic Security and Eavesdropping David Crandell (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 17)
- Re: Web Traffic Security and Eavesdropping mojorising (Nov 19)