Full Disclosure mailing list archives
Re: Re: HTTP AUTH BASIC monowall.
From: greybrimstone () aim com
Date: Wed, 15 Mar 2006 20:19:13 -0500
Simon,
You're a moron.
-Adriel
-----Original Message-----
From: Simon Smith <simon () snosoft com>
To: Dave Korn <davek_throwaway () hotmail com>
Cc: full-disclosure () lists grok org uk
Sent: Wed, 15 Mar 2006 16:04:06 -0500
Subject: Re: [Full-disclosure] Re: HTTP AUTH BASIC monowall.
Dave Korn wrote:
Simon Smith wrote:Ok,As suspected... so I am correct; and it is a security threat. I
can
compromise a network, arp poison it, MiTM, access the firewall, distributed metastasis, presto... owned...
Responding to youw ill be fun... ]\
Utter garbage.
are you from the UK?
You haven't the faintest understanding of the concepts youare throwing around. Whatever you do, DO NOT issue a security
warning based
on this thread, or you will look very foolish.
Who ever said I was going to issue a security advisory or "warning" as you called it? Why do so many people assume so many things?
ARP is no use except to redirect traffic WITHIN THE SAME LAN. You
can't
use it to redirect traffic across the internet-at-large.
Gee, you must have missed the entire thread... who said internet?
A base 64 encoded string is not a hash.
Ok I used the wrong term... been a long day... so sorry...
There's nothing wrong with BASIC AUTH.
Aside from the fact that its... um... insecure?
Seriously, if you don't understand what arp is, how the layers of
the OSI
stack interrelate, or what a hash is, you are fundamentally unaware
of the
basic concepts of networking and security, how can you possible
expect to
write a worthwhile security warning?
Well, you are a good example. You don't write very good emails and you aren't very well aware of the entire email thread now are you? I'll make it a point to not be as silly as you. ;]
cheers,
DaveK
AH you are from the UK, you said Cheers! -- Regards, Adriel T. Desautels Harvard Security Group http://www.harvardsecuritygroup.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ________________________________________________________________________Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: HTTP AUTH BASIC monowall., (continued)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. bkfsec (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. greybrimstone (Mar 15)
- Re: Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 16)
- Re: Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Steffen Kluge (Mar 13)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 14)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 14)
- Re: HTTP AUTH BASIC monowall. Jim Popovitch (Mar 13)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)