[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On 4/27/20 2:49 AM, Paride Legovini wrote:
> An active MITM attack is way more complicated than just sniffing and
> storing traffic for later analysis. Changing the 2FA or password is not
> a great strategy, as you would immediately realize what's going on.
> Silently gaining access to an account allows to act when the conditions
> are the best from the attacker's point of view.

An attacker would gain access to a few accounts, wait and see what they
can do with the gained permissions in the long run. And at some point
compromise something.

2FA stops this kind of attacks completely. Without a current 2fa token,
your password knowledge is useless.

Gaining access with a MITM attack once gives you a very short amount of
time to do whatever you want to do, as your login will be gone as soon
as the next login without MITM happens.

 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to: