Re: Passwordlist in Wireshark - User feedback wanted

[Richard Sharpe <realrichardsharpe () gmail com>]

On Sun, Jun 16, 2019 at 9:52 AM Jasper Bongertz <jasper () packet-foo com>
wrote:

> Hi
>
> There is a patch currently waiting for inclusion. It would allow for
> dissectors to easily make credentials (username/password) available and
> present them in a tool window in Wireshark.
>
> The main concern here is, that this could lead companies, evaluating
> Wireshark to be used within  the company, to deny the use of the program,
> due to wrongly identifying Wireshark as a hacking tool.
>
> We would like your feedback on that topic
>
> kind regards
> Roland
> Hi,
>
> I have seen at least three occasions where the fact that credentials were
> that easily accessed with a network analysis tool has resulted in a ban of
> that exact tool by upper management. In one case this affected a freshly
> bought license of Clearsight, which immediately after receiving the product
> ended up in a safe under lock and key, never again to see the light of day.
>
> It may sound weird but this is one case of the typcail "what they don't
> know doesn't bother them". If this function is added some people will
> suddenly realize the potential that they are currently unaware of, so it's
> quite possible that Wireshark will be banned when it is currently fine to
> use it (in enterprise network that usually means admins only, anyway).

While it's a myth that Ostriches bury their heads in the sand, it's clearly
not a myth about management.



-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe