Security Basics mailing list archives

RE: Web Traffic Security and Eavesdropping


From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Wed, 12 Nov 2008 15:54:03 -0600

Mike,

I think you got it backwards......
The answer is that it really IS possible.
But more information is needed to fully explain how.

Nick

-  -----Original Message-----
-  From: mojorising
-  Sent: Wednesday, November 12, 2008 3:06 PM
-  Subject: Re: Web Traffic Security and Eavesdropping
-
-  Guys, thanks for these awesome responses.
-
-  So, basically, it seems my friend and I were on the right track when
-  we couldn't think of a way some random person could sniff all (or any)
-  traffic going to and from a web site (or any node on the Internet)
-  they don't have access to (or have access to a node somewhere along
-  the way, like a router or switch). The answer is that it's not really
-  possible. This statement primarily holds true under somewhat normal
-  circumstances, of course, aside from hacks like the BGP exploit
-  mentioned in the Wired article.
-
-  Mike
-
-
-
-  2008/11/12 Jorge L. Vazquez <jlvazquez825 () gmail com>:
-  > agree with that... has lots of information, but it doesn't say anything
-  >
-  >
-  > Jorge L. Vazquez
-  > blog: www.pctechtips.org
-  >
-  >
-  > David Crandell wrote:
-  >> That article is wicked!
-  >>
-  >> Kinda one of those blindingly-obvious concepts....
-  >>
-  >> Dave Crandell
-  >> Vice President, Information Systems
-  >> On Hold Media Group
-  >> 972-758-1300
-  >> david () onholdwizard com
-  >>
-  >>
-  >> -----Original Message-----
-  >> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shreyas Zare
-  >> Sent: Wednesday, November 12, 2008 10:31 AM
-  >> To: mojorising
-  >> Cc: security-basics () securityfocus com
-  >> Subject: Re: Web Traffic Security and Eavesdropping
-  >>
-  >> Hi,
-  >>
-  >> I think this (http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html)
-  >> will explain how.
-  >>
-  >> Regards,
-  >>
-  >> On Tue, Nov 11, 2008 at 6:46 AM, mojorising <moj0rising () aim com> wrote:
-  >>
-  >>> Hi, there. We all know many web sites out there encrypt connections with SSL
-  >>> to prevent eavesdropping on user sessions. In a conversation about this
-  >>> today while securing web services/ applications of one of our sites, a
-  >>> friend asked how such a thing is possible if the eavesdropper is not on the
-  >>> same network as the end-user or server being watched. I couldn't provide a
-  >>> very good answer and was wondering if anyone out there could. We know how
-  >>> easy it would be if you were on the same network or had access to one of the
-  >>> nodes on either end or even, perhaps, a switch or router, etc in between
-  >>> those two points.
-  >>>
-  >>> Basically, the question is, can someone out there in the big, bad, internet
-  >>> somehow watch all traffic going to and from another node on the internet
-  >>> (like a web server for example) without being on the same local network as
-  >>> the node they are watching? I'm quite sure the answer to this is yes and if
-  >>> yes, then how is it done?
-  >>>
-  >>>
-  >>> Thanks,
-  >>> Mike
-  >>>
-  >>
-  >>
-  >>
-  >> --
-  >> Shreyas Zare
-  >> Co-Founder, Technitium
-  >> eMail: shreyas () technitium com
-  >>
-  >> ..::< The Technitium Team >::..
-  >> Visit us at www.technitium.com
-  >> Contact us at theteam () technitium com
-  >>
-  >> "Even if you're on the right track, you'll get run over if you just sit
-  >> there."
-  >> --Will Rogers
-  >>
-  >> "So run ..."
-  >> -- Shreyas Zare
-  >>
-  >> Join Sci-Tech News group and get the latest science & technology news
-  >> in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
-  >> to join.
-  >>
-  >>
-  >>
-  >>
-  >
-  >
