Security Basics mailing list archives
Web Traffic Security and Eavesdropping
From: mojorising <moj0rising () aim com>
Date: Mon, 10 Nov 2008 17:16:08 -0800
Hi, there. We all know many web sites out there encrypt connections with SSL to prevent eavesdropping on user sessions. In a conversation about this today while securing web services/ applications of one of our sites, a friend asked how such a thing is possible if the eavesdropper is not on the same network as the end-user or server being watched. I couldn't provide a very good answer and was wondering if anyone out there could. We know how easy it would be if you were on the same network or had access to one of the nodes on either end or even, perhaps, a switch or router, etc in between those two points. Basically, the question is, can someone out there in the big, bad, internet somehow watch all traffic going to and from another node on the internet (like a web server for example) without being on the same local network as the node they are watching? I'm quite sure the answer to this is yes and if yes, then how is it done? Thanks, Mike
Current thread:
- Web Traffic Security and Eavesdropping mojorising (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 12)
- RE: Web Traffic Security and Eavesdropping David Crandell (Nov 12)
- Re: Web Traffic Security and Eavesdropping Jorge L. Vazquez (Nov 12)
- Re: Web Traffic Security and Eavesdropping mojorising (Nov 12)
- RE: Web Traffic Security and Eavesdropping Nick Vaernhoej (Nov 12)
- RE: Web Traffic Security and Eavesdropping David Crandell (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 12)
- Re: Web Traffic Security and Eavesdropping Shreyas Zare (Nov 17)
- Re: Web Traffic Security and Eavesdropping mojorising (Nov 19)