Full Disclosure mailing list archives

Re: FD / lists.grok.org - bad SSL cert


From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Jan 2009 15:19:06 -0800

No, I don't claim that Joe Sixpack will notice if they're ettercap'ed. However,
fine distinctions like the difference between "just throw ettercap at it" and
"this protects against passive sniffing but not active MITM" are
often important in this business.


That's the thing.  I don't think that distinction is relevant in modern
networks.  Maybe ettercap isn't the optimal tool, but you *should not
differentiate between MitM and passive sniffing attacks* if there is no
authentication being performed.  Unless someone provides me with a
counter example, I'm saying that those with access to sniff a network
have the access to perform MitM attacks.  That's all that's applicable,
because the only thing making MitM "harder" is the right piece of
software.  I think our DRM friends in the content industry have come to
realize that this does not make things harder.  All it takes is one guy
to write and release it.

Implying to non-security types that there is some kind of tangible
difference in the security between plain text and non-authenticated SSL
is a great disservice.  Yeah, to the layman it sounds like there ought
to be a difference, but there isn't.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
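
The "non-authenticated SSL" discussed in the message corresponds, on the client side, to a TLS context that does not verify the server certificate. The following is an added example, not part of the original message: it classifies Python `ssl` client contexts by how much peer authentication they perform, with the weak setting beside the corrected one. The function names and the service labels are hypothetical.

```python
import ssl

def peer_authentication(ctx: ssl.SSLContext) -> str:
    """Classify how a client-side context authenticates the server.

    "none"       - any certificate is accepted (encryption without authentication)
    "chain-only" - certificate must chain to a trusted CA, name is not checked
    "full"       - chain and hostname are both verified
    """
    if ctx.verify_mode == ssl.CERT_NONE:
        return "none"
    if not ctx.check_hostname:
        return "chain-only"
    return "full"

def unauthenticated_ctx() -> ssl.SSLContext:
    # Weak setting: check_hostname must be cleared before CERT_NONE is allowed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_ctx() -> ssl.SSLContext:
    # Still weak: any certificate issued by a trusted CA for any name passes.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx

def authenticated_ctx() -> ssl.SSLContext:
    # Corrected setting: PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED plus
    # hostname checking; the caller still has to load its trust anchors.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def audit(contexts: dict) -> dict:
    """Return only the contexts that do not fully authenticate the peer."""
    levels = {name: peer_authentication(c) for name, c in contexts.items()}
    return {name: lvl for name, lvl in levels.items() if lvl != "full"}

if __name__ == "__main__":
    # Constructed sample inventory of client configurations.
    inventory = {
        "legacy-mail-fetch": unauthenticated_ctx(),
        "internal-api": chain_only_ctx(),
        "payments": authenticated_ctx(),
    }
    for name, level in audit(inventory).items():
        print(f"{name}: peer authentication = {level}")
```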

