[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Audit: don't only focus on heartbleed issue

To: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
Subject: Re: [FD] Audit: don't only focus on heartbleed issue
From: Stephane Bortzmeyer <bortzmeyer@xxxxxx>
Date: Thu, 17 Apr 2014 13:44:36 +0200

On Wed, Apr 16, 2014 at 09:22:31PM +0200,
 Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote 
 a message of 82 lines which said:

> frankly outside a public hotspot / untrusted network nobody but the
> NSA and otehr agencies are able to really to MITM

As explained by Tim, this is false. He forgot to mention another
attack vector, a routing attack like
<http://www.renesys.com/2013/11/mitm-internet-hijacking/>


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Audit: don't only focus on heartbleed issue
  - From: Shawn
- Re: [FD] Audit: don't only focus on heartbleed issue
  - From: Ron Bowes
- Re: [FD] Audit: don't only focus on heartbleed issue
  - From: Reindl Harald

Prev by Date: Re: [FD] ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi)
Next by Date: Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
Previous by thread: Re: [FD] Audit: don't only focus on heartbleed issue
Next by thread: Re: [FD] Audit: don't only focus on heartbleed issue
Index(es):
- Date
- Thread