Full Disclosure mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Jan 2009 12:47:20 -0800
> It's *slightly* better, in that it guards against passive sniffing attacks on the data in transit. You're right that it doesn't guard against an active MITM attack.

How is that better, really? Run tcpdump or ettercap... Either of the tools is off the shelf. It doesn't take a great deal of skill for either. Just because a piece of software is doing an extra step or three doesn't mean an attacker has to do significantly more work.

O(1) + O(1) = O(1)

What modern networks don't permit active modification of packets in realtime if you have the right access to the data? I can conceive of some hypothetical radio broadcast or other physical media which, if carefully designed, could make MitM attacks difficult by virtue of the media itself (along the lines of a poor man's quantum crypto line), but I don't know of any in use. Do enlighten me if you do.

cheers,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/