Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Wed, 15 Mar 2006 20:55:10 -0000
Simon Smith wrote:
Ok, As suspected... so I am correct; and it is a security threat. I can compromise a network, arp poison it, MiTM, access the firewall, distributed metastasis, presto... owned...
Utter garbage. You haven't the faintest understanding of the concepts you are throwing around. Whatever you do, DO NOT issue a security warning based on this thread, or you will look very foolish. ARP is no use except to redirect traffic WITHIN THE SAME LAN. You can't use it to redirect traffic across the internet-at-large. A base 64 encoded string is not a hash. There's nothing wrong with BASIC AUTH. Seriously, if you don't understand what arp is, how the layers of the OSI stack interrelate, or what a hash is, you are fundamentally unaware of the basic concepts of networking and security, how can you possible expect to write a worthwhile security warning? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: HTTP AUTH BASIC monowall., (continued)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. bkfsec (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. greybrimstone (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 16)
- Re: Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Steffen Kluge (Mar 13)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 14)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 14)
- Re: HTTP AUTH BASIC monowall. Jim Popovitch (Mar 13)