WebApp Sec mailing list archives

Re: keyloggers? - dont doit

From: Kyle Maxwell <krmaxwell () gmail com>
Date: Wed, 6 Apr 2005 13:39:38 -0500

On Apr 6, 2005 7:23 AM, Alvin Oga
<alvin.sec () virtual linux-consulting com> wrote:

        - anything sent over the internet is sniffable from
        anywhere in the world


Delurking just to mention that this isn't correct. Online banking (and
other security-sensitive activities) aren't a good idea from shared
sites like a cybercafe for all the reasons others have mentioned, but
this isn't it. From my desktop here, I almost certainly have no way of
sniffing your traffic to your bank, unless I happen to be somewhere
along your path.

I'd also like to know about SSL being broken. I think you mean one of
the common ciphers is broken, which would be substantial news indeed.

Your conclusion is right but your reasoning is completely wrong AFAICT.

-- 
Kyle Maxwell
[krmaxwell () gmail com]

Current thread:

keyloggers? SB (Apr 05)
- Re: keyloggers? Louis Baumann (Apr 06)
  - Re: keyloggers? Augusto Paes de Barros (Apr 06)
- Re: keyloggers? Greg Stiavetti (Apr 06)
- Re: keyloggers? Yoanne LE MERCIER (Apr 06)
  - RE: keyloggers? P.B. Wagenaar (Apr 06)
    - Re: keyloggers? - dont doit Alvin Oga (Apr 06)
    - Re: keyloggers? - dont doit Kyle Maxwell (Apr 06)
    - Re: keyloggers? - dont doit Antoine Martin (Apr 06)
    - Re: keyloggers? Michael Silk (Apr 06)
    - Re: keyloggers? Antonio Fontes (Apr 06)
    - Re: keyloggers? Michael Silk (Apr 06)
    - RE: keyloggers? Mehmet Buyukozer (Apr 06)
- Re: keyloggers? Gareth Davies (Apr 06)
  - Re: keyloggers? Zero Burnout (Apr 06)
- Re: keyloggers? Michael Silk (Apr 06)
- Re: keyloggers? Adam Shostack (Apr 06)
- Re: keyloggers? colinm () clientsecure net (Apr 06)

(Thread continues...)