[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL certificates

Andrew Suffield <asuffield@debian.org> writes:

> Means there are vastly better places to attack than the client<->server
> session. Like the server itself. Traffic from you to the server isn't
> *secure*, but neither is it easy to capture, so nobody bothers. They
> just hit the server.

While I mostly agree with you, I'll mention that as a university systems
administrator, we still do regularly have people try to break into one
cluster system and install a traffic sniffer to capture cleartext
passwords.  On a switched network, of course, this is functionally
equivalent to trojaning the login daemons, since all you get is traffic to
that particular host, but it's actually a lot easier to install and keep
hidden a traffic sniffer than it is to trojan the login daemons.

I certainly wouldn't argue that this is the primary attack, but it's one
that we still do see pretty regularly.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
Reply to: