also sprach Dan Faerch <dan@fake.dk> [2002.04.26.1955 +0200]:
> Second more, if your users are allowed to have pages on the same
> address as the login system, the browser can, without much effort,
> be tricked into giving away your systems username and password to
> a personal user page...
how?
> The subject on switches.. It is a general misunderstanding that
> switches provide security.. There are several easy tricks to make
> a switch spill its guts.. They were designed for performance and no
> one ever promised security
true, and i love this one because it's the first thing everyone says
in response to hearing something said on 'sniffing'. uhm, every
previously not so exposed person as we are, i mean.
but have you tried your luck on one of the better cisco and
hewlett-packard switches? you know their algorithm against MAC table
overflow? if yes, then just think about it, and about how good it is.
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"micro$oft productivity software"
- see reductio ad absurdum, conclusions.
Attachment:
pgpxcyWv4EjFb.pgp
Description: PGP signature