Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert

From: Tim <tim-security_at_nospam>
Date: Mon Jan 05 2009 - 21:29:52 GMT
To: Valdis.Kletnieks@vt.edu

> > How is that better, really? Run tcpdump or ettercap... Either of the
> > tools are off the shelf.
>
> And if the site is using a self-signed cert, how does a 3rd party tcpdump
> manage to get a *decrypted* datastream? Yes, you can still do traffic analysis
> on the "X talked to Y with packet sizes A, B, and C" level, but you can't
> look at the data.

You're missing the point of my comment:

Plaintext communication => use tcpdump

Encrypted without a cert => use ettercap (or something similar)

Is there really a non-constant difference in difficulty?

tim

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: j-f sentier: "Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message"
Previous message: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
In reply to: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
Next in thread: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
Reply: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]