full-disclosure-uk January 2009 archive

Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert

From: Tim <tim-security_at_nospam>
Date: Mon Jan 05 2009 - 23:19:06 GMT
To: Valdis.Kletnieks@vt.edu

> No, I don't claim that Joe Sixpack will notice if they're ettercap'ed. However,
> fine distinctions like the difference between "just throw ettercap at it" and
> "this protects against passive sniffing but not active MITM" are
> often important in this business.

That's the thing. I don't think that distinction is relevant in modern networks. Maybe ettercap isn't the optimal tool, but you *should not differentiate between MitM and passive sniffing attacks* if there is no authentication being performed. Unless someone provides me with a counterexample, I'm saying that those with access to sniff a network have the access to perform MitM attacks. That's all that's applicable, because the only thing making MitM "harder" is the right piece of software. I think our DRM friends in the content industry have come to realize that this does not make things harder. All it takes is one guy to write and release it.

Implying to non-security types that there is some kind of tangible difference in the security between plain text and non-authenticated SSL is a great disservice. Yeah, to the layman it sounds like there ought to be a difference, but there isn't.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
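The role of authentication discussed in the message above, modelled as an added example (not part of the original post): a toy in-memory Diffie-Hellman exchange in which a party on the path swaps the public values, and a pinned server-key fingerprint that makes the client reject the swap. The group parameters, the function names and the pinning step are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration (far too small for real use).
P = 2**127 - 1  # Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def handshake(client, server, on_path=None, pinned_fp=None):
    """Run one key exchange. on_path, if set, is a keypair held by a party
    that replaces both public values in transit. pinned_fp is the server key
    fingerprint the client learned out of band (the authentication step)."""
    c_priv, c_pub = client
    s_priv, s_pub = server
    seen_by_client = on_path[1] if on_path else s_pub
    seen_by_server = on_path[1] if on_path else c_pub
    if pinned_fp is not None and fingerprint(seen_by_client) != pinned_fp:
        raise ValueError("server key does not match pinned fingerprint")
    result = {
        "client_key": session_key(c_priv, seen_by_client),
        "server_key": session_key(s_priv, seen_by_server),
    }
    if on_path:
        # The on-path party shares one key with each side.
        result["on_path_client_key"] = session_key(on_path[0], c_pub)
        result["on_path_server_key"] = session_key(on_path[0], s_pub)
    return result

def demo():
    client, server, middle = keypair(), keypair(), keypair()
    clean = handshake(client, server)                    # no authentication, no tampering
    swapped = handshake(client, server, on_path=middle)  # no authentication, keys swapped
    try:
        handshake(client, server, on_path=middle, pinned_fp=fingerprint(server[1]))
        detected = False
    except ValueError:
        detected = True                                  # authentication catches the swap
    return clean, swapped, detected
```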