Re: SSL certificates
Andrew Suffield <email@example.com> writes:
> Means there are vastly better places to attack than the client<->server
> session. Like the server itself. Traffic from you to the server isn't
> *secure*, but neither is it easy to capture, so nobody bothers. They
> just hit the server.
While I mostly agree with you, I'll mention that as a university systems
administrator, we still do regularly have people try to break into one
cluster system and install a traffic sniffer to capture cleartext
passwords. On a switched network, of course, this is functionally
equivalent to trojaning the login daemons, since all you get is traffic to
that particular host, but it's actually a lot easier to install and keep
hidden a traffic sniffer than it is to trojan the login daemons.
I certainly wouldn't argue that this is the primary attack, but it's one
that we still do see pretty regularly.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>