[Dshield] Eavesdropping

Tony Earnshaw tonye at billy.demon.nl
Sun Jun 6 14:04:20 GMT 2004


fre, 04.06.2004 kl. 21.43 skrev David Klotz:

> Yes, but do you know, or have you even just heard about, a single incident where
> this *has* happened?
> 
> The basis for the question is this: the company I work for has customers who are
> worried about how "secure" the https connection we use is.  There's nothing
> really specific to us, its more of a general concern (valid or not) that many
> people in the general public have that the Wily Hacker is out there stealing
> their credit cards as they fly over the 'Net.
> 
> What I want to be able to say is "There isn't a single documented incident where
> information was stolen from a valid https connection."

It's possible to hijack an https session, it has been done and it will
be done again:

http://www.ws.afnog.org/afnog2004/t1/security/crypto-slides.pdf

--Tonni

-- 

We make out of the quarrel with others rhetoric
but out of the quarrel with ourselves, poetry.

mail: tonye at billy.demon.nl
http://www.billy.demon.nl




More information about the list mailing list