Re: SSL certificates

To: debian-devel@lists.debian.org
Subject: Re: SSL certificates
From: Rob Sims <robsims@robsims.ipf.fc.hp.com>
Date: Tue, 21 Sep 2004 08:47:25 -0600
Message-id: <[🔎] 200409210847.25890.robsims@robsims.ipf.fc.hp.com>
In-reply-to: <[🔎] 87y8j4mr2d.fsf@windlord.stanford.edu>
References: <[🔎] 20040918210501.GE29882@cs.helsinki.fi> <[🔎] 20040920004137.GA23493@suffields.me.uk> <[🔎] 87y8j4mr2d.fsf@windlord.stanford.edu>

On Monday 20 September 2004 05:57 pm, Russ Allbery wrote:
> While I mostly agree with you, I'll mention that as a university
> systems administrator, we still do regularly have people try to break
> into one cluster system and install a traffic sniffer to capture
> cleartext passwords.  On a switched network, of course, this is
> functionally equivalent to trojaning the login daemons, since all you
> get is traffic to that particular host, but it's actually a lot
> easier to install and keep hidden a traffic sniffer than it is to
> trojan the login daemons.

Switches don't necessarily limit sniff space:
http://www.securesphere.net/download/papers/SwitchSniff.htm
-- 
Rob

Reply to:

References:
- SSL certificates
  - From: Kai Hendry <hendry@cs.helsinki.fi>
- Re: SSL certificates
  - From: Andrew Suffield <asuffield@debian.org>
- Re: SSL certificates
  - From: Russ Allbery <rra@stanford.edu>

Prev by Date: RFA: gphoto2 -- The gphoto2 digital camera command-line client
Next by Date: Re: RFA: gphoto2 -- The gphoto2 digital camera command-line client
Previous by thread: Re: SSL certificates
Next by thread: Re: SSL certificates
Index(es):
- Date
- Thread