Full Disclosure mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Jan 2009 15:19:06 -0800
No, I don't claim that Joe Sixpack will notice if they're ettercap'ed. However, fine distinctions like the difference between "just throw ettercap at it" and "this protects against passive sniffing but not active MITM" are often important in this business.
That's the thing. I don't think that distinction is relevant in modern networks. Maybe ettercap isn't the optimal tool, but you *should not differentiate between MitM and passive sniffing attacks* if there is no authentication being performed. Unless someone provides me with a counterexample, I'm saying that those with access to sniff a network have the access to perform MitM attacks. That's all that's applicable, because the only thing making MitM "harder" is the right piece of software. I think our DRM friends in the content industry have come to realize that this does not make things harder. All it takes is one guy to write and release it.

Implying to non-security types that there is some kind of tangible difference in the security between plain text and non-authenticated SSL is a great disservice. Yeah, to the layman it sounds like there ought to be a difference, but there isn't.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/