Vulnerability Development mailing list archives
Re: Secure Yahoo logins
From: David Thiel <lx () redundancy redundancy org>
Date: Tue, 27 Aug 2002 21:06:14 -0700
On Tue, Aug 27, 2002 at 08:36:40PM -0700, Nick Jacobsen wrote:
it supports SSH(Secure Telnet)
SSH is not even remotely like "Secure Telnet".
and SSL(HTTPS) decryption and sniffing, as
Only if you have the server's keypair.
I guess my main point is that if you are having your users log in using "secure log in" for the express reason of making it so their password cannot be sniffed, it is pointless, as anyone can STILL sniff it!
There's a higher difficulty level involved with MITM attacks, and measures can be taken to prevent and/or recognize such attacks. SSL is not a panacea, but it's a useful layer of security. The fact that MITM attacks exist is not proper rationale for abandoning the use of encryption.
Current thread:
- Secure Yahoo logins Jeremy (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- Re: Secure Yahoo logins David Schwartz (Aug 27)
- Re: Secure Yahoo logins John Madden (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 28)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 27)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 28)
- Re: Secure Yahoo logins Steve Bremer (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- <Possible follow-ups>
- Re: Secure Yahoo logins Alan McCaig (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)
- RE: Secure Yahoo logins Kayne Ian (Softlab) (Aug 29)
- Re: Secure Yahoo logins Muhammad Faisal Rauf Danka (Aug 29)