[Dshield] Eavesdropping

David Klotz bucky at speakeasy.org
Fri Jun 4 19:43:04 GMT 2004


Yes, but do you know, or have you even just heard about, a single incident where
this *has* happened?

The basis for the question is this: the company I work for has customers who are
worried about how "secure" the https connection we use is.  There's nothing
really specific to us, its more of a general concern (valid or not) that many
people in the general public have that the Wily Hacker is out there stealing
their credit cards as they fly over the 'Net.

What I want to be able to say is "There isn't a single documented incident where
information was stolen from a valid https connection."

--
-Dave
-bucky at speakeasy.org

On Fri, 4 Jun 2004, Jon R. Kibler wrote:
>
> Anyone with slightly more skill than the average script kiddie, minimal knowledge of SSL, and a valid cert signed by a root authority, can take any of the MITM programs (such as hunt or juggernaut) and tweak them to perform just such an attack.
>



More information about the list mailing list