
BLU Discuss list archive



Frackin script kiddies!!



On Wed, Aug 04, 2010 at 04:03:12PM -0500, Derek Martin wrote:
> > > This is crazy.  Because SSL + auth-digest is auth + encryption...  And
> > 
> > No, it isn't.  It's auth *after* encryption.  That is, an encrypted
> > link is created between two parties without either party
> > authenticating the other.  Insert MitM attack here.  
> 
> MITM attacks are very sophisticated and extremely unlikely in this
> context, or any context for that matter.  Years working in security
> and with security types, and I've never personally encountered a
> real-world case of them happening.  They fall into the realm of
> "someone is targeting you and really knows what they're doing", in
> which case if you're not an expert, you're already screwed.  If what
> you're protecting is some random recorded TV shows, and you care about
> this, you're probably at least a little nuts.

To my personal knowledge, a MITM attack has happened at a major
Boston-area company within the last twenty years. It is
unreasonable to think that this was the sole incident.

It's not common, but it can happen.

-dsr-

-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org