Re: Let's talk about HTTPS Everywhere
On Sat, 22 Jan 2011 13:37:20 -0600
"Boyd Stephen Smith Jr." <bss@iguanasuicide.net> wrote:
> In <[🔎] pan.2011.01.22.18.58.17@gmail.com>, Camaleón wrote:
> >On Sat, 22 Jan 2011 15:31:10 -0200, Eduardo M KALINOWSKI wrote:
> >> That's the same reason I was advocating that people should not leave
> >> Wi-Fi (even if public) unencrypted. If traffic is unencrypted, it is
> >> trivial for anyone to capture session IDs flying in plain text through
> >> the air. If the network is encrypted, then it is much harder to capture
> >> other people's traffic. (Should be impossible, but there are attacks.
> >> But things are much more difficult.)
> >
> >I agree. Wired networks are not that exposed to these attacks.
>
> Not entirely true. On a hubbed network, putting your network card into
> promiscuous mode will allow you do see other's HTTP traffic and "sidejack"
> them. Even on a switched network, there may be a way to fool the switch into
> giving you enough data from the HTTP traffic to preform a "sidejack".
I know very little about enterprise networking, but are hubs still in
actual use today?
Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: