[Dshield] Eavesdropping

David Klotz bucky at speakeasy.org
Fri Jun 4 15:08:00 GMT 2004


Since the list is so slow right now, I'll take this opportunity to ask a
question:  Has anyone ever heard of somebody successfully eavesdropping on a
validly established HTTPS connection?

Some term definition: by "successful", I mean snooped encrypted traffic,
decrypted it, and learned something they didn't already know.  "Valid" means
there was nothing funny going on with the setup of the secure connection.  I
know about MIM attacks, and I know you can trick people into going to "secure"
sites that aren't what they think they are, but I'm not interested in those
situations.

Anyone??


--
-Dave
-bucky at speakeasy.org



More information about the list mailing list