 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Jarod Wilson wrote: > On Mon, Aug 2, 2010 at 11:55 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote: >> Wrapping HTTP in SSL offers no protection to your server. None. Zilch. Nada. It protects the end to end traffic. An attacker still has access to your authentication mechanism and can just as easily launch a brute force or exploit attack against it as he could if the traffic were clear instead of encrypted. > > They can launch the same brute force attack and/or go for exploits > against ssh. Or an ipsec vpn. Or anything public-facing. But > seriously, who is going to expend the effort brute-force attacking my > mythtv box to delete some recordings? Who would expend ANY effort attacking my machine and deleting the recordings? Apparently several people. What did they gain? They got to show off their super-duper mad skills (i.e. running a script they found on the internet) to cause someone else pain. Keep in mind it's the computer doing the brute forcing, not the person. It's no skin off of their back if it takes their script a few minutes or hours to do it. They can be out tripping old ladies or selling drugs while my machine is decimated.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
