On Mon, Sep 20, 2004 at 04:57:46PM -0700, Russ Allbery wrote: > Andrew Suffield <asuffield@debian.org> writes: > > > Means there are vastly better places to attack than the client<->server > > session. Like the server itself. Traffic from you to the server isn't > > *secure*, but neither is it easy to capture, so nobody bothers. They > > just hit the server. > > While I mostly agree with you, I'll mention that as a university systems > administrator, we still do regularly have people try to break into one > cluster system and install a traffic sniffer to capture cleartext > passwords. University environments are like that. I wouldn't be surprised if they are the reason behind SSL originally, and the rest is just misapplication. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature