Frackin script kiddies!!
Dan Ritter
dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org
Wed Aug 4 18:26:40 EDT 2010
On Wed, Aug 04, 2010 at 04:03:12PM -0500, Derek Martin wrote:
> > > This is crazy. Because SSL + auth-digest is auth + encryption... And
> >
> > No, it isn't. It's auth *after* encryption. That is, an encrypted
> > link is created between two parties without either party
> > authenticating the other. Insert MitM attack here.
>
> MITM attacks are very sophisticated and extremely unlikely in this
> context, or any context for that matter. Years working in security
> and with security types, and I've never personally encountered a
> real-world case of them happening. They fall into the realm of
> "someone is targeting you and really knows what they're doing", in
> which case if you're not an expert, you're already screwed. If what
> you're protecting is some random recorded TV shows, and you care about
> this, you're probably at least a little nuts.
To my personal knowledge, a MITM attack has happened at a major
Boston-area company within the last twenty years. It is
unreasonable to think that this was the sole incident.
It's not common, but it can happen.
-dsr-
--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
More information about the Discuss
mailing list