[Dshield] Eavesdropping

Nels Lindquist nlindq at maei.ca
Fri Jun 4 19:01:27 GMT 2004


On 4 Jun 2004 at 8:08, David Klotz wrote:

> Since the list is so slow right now, I'll take this opportunity to ask a
> question:  Has anyone ever heard of somebody successfully eavesdropping on a
> validly established HTTPS connection?
> 
> Some term definition: by "successful", I mean snooped encrypted traffic,
> decrypted it, and learned something they didn't already know.  "Valid" means
> there was nothing funny going on with the setup of the secure connection.  I
> know about MIM attacks, and I know you can trick people into going to "secure"
> sites that aren't what they think they are, but I'm not interested in those
> situations.

Unless you're talking about a university campus or the like, there's 
actually very little real-world eavesdropping that goes on even for 
unencrypted connections.  Bruce Schneier has talked about how the SSL 
infrastructure for websites is pretty much irrelevant because nobody 
tries to listen to one connection just to steal a credit card number 
or what have you when one could instead break into the webserver and 
steal *all* the credit card numbers from the database backend.

That being said, the only way I know of to "listen in" on an 
encrypted conversation is to have access to the server's private key 
and use something like ssldump, which I don't think is the kind of 
thing you're talking about.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.



