[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
- To: Valdis.Kletnieks@xxxxxx
- Subject: Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
- From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Jan 2009 12:47:20 -0800
> It's *slightly* better, in that it guards against passive sniffing attacks
> on the data in transit. You're right that it doesn't guard against an
> active MITM attack.
How is that better, really? Run tcpdump or ettercap... Either of the
tools are off the shelf. It doesn't take a great deal of skill for
either. Just because a piece of software is doing an extra step or
three doesn't mean an attacker has to do significantly more work.
O(1) + O(1) = O(1)
What modern networks don't permit active modification of packets in
realtime if you have the right access to the data? I can conceive of
some hypothetical radio broadcast or other physical media which, if
carefully designed, could make MitM attacks difficult by virtue of the
media itself (along the lines of a poor man's quantum crypto line), but
I don't know of any in use. Do enlighten me if you do.
cheers,
tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/