Date: Mon, 18 Dec 2000 10:49:54 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Moses Backman III <penguinjedi@home.com> Cc: Todd Backman <todd@flyingcroc.net>, freebsd-security@FreeBSD.ORG, seifried@securityportal.com Subject: Re: woah Message-ID: <20001218104954.B19572@fw.wintelcom.net> In-Reply-To: <20001218133716.A550@cg22413-a.adubn1.nj.home.com>; from penguinjedi@home.com on Mon, Dec 18, 2000 at 01:37:16PM %2B0000 References: <Pine.BSF.4.21.0012172347240.48779-100000@security1.noc.flyingcroc.net> <20001218133716.A550@cg22413-a.adubn1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kurt, I was pretty disappointed to see this article. If you tear it down the to base content, the only problem with SSL/SSH is stupid users. I understand that dsniff is a powerful tool for intercepting network traffic, however it will not be "the end" of SSL and SSH technologies. If I get "server has changed keys" messages and I'm not certain that it was myself that upgraded ssh or did a clean install, there's no way I'm going to authorize the key exchange. This is like blaming bullet proof vests for the moron that decided to wear his like a turban. :) Is there something I'm missing here? -Alfred * Moses Backman III <penguinjedi@home.com> [001218 10:37] wrote: > > On 2000.12.18 07:48:55 +0000 Todd Backman wrote: > > > > FYI: > > > > The End of SSL and SSH? > > > > Yesterday, dsniff 2.3 was released. Why is this important, you ask? > > dsniff > > 2.3 allows you to exploit several fundamental flaws in two extremely > > popular encryption protocols, SSL and SSH. SSL and SSH are used to > > protect > > a large amount of network traffic, from financial transactions with > > online > > banks and stock trading sites to network administrator access to secured > > hosts holding extremely sensitive data. Could this singal the end of SSH > > or SSL? > > > > Read the full story here: > > http://securityportal.com/cover/coverstory20001218.html > > > > > > - Todd > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001218104954.B19572>