From owner-freebsd-security Mon Dec 18 10:50: 0 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 18 10:49:56 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id EE4A537B400 for ; Mon, 18 Dec 2000 10:49:55 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id eBIInsT07975; Mon, 18 Dec 2000 10:49:54 -0800 (PST) Date: Mon, 18 Dec 2000 10:49:54 -0800 From: Alfred Perlstein To: Moses Backman III Cc: Todd Backman , freebsd-security@FreeBSD.ORG, seifried@securityportal.com Subject: Re: woah Message-ID: <20001218104954.B19572@fw.wintelcom.net> References: <20001218133716.A550@cg22413-a.adubn1.nj.home.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001218133716.A550@cg22413-a.adubn1.nj.home.com>; from penguinjedi@home.com on Mon, Dec 18, 2000 at 01:37:16PM +0000 Sender: bright@fw.wintelcom.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kurt, I was pretty disappointed to see this article. If you tear it down the to base content, the only problem with SSL/SSH is stupid users. I understand that dsniff is a powerful tool for intercepting network traffic, however it will not be "the end" of SSL and SSH technologies. If I get "server has changed keys" messages and I'm not certain that it was myself that upgraded ssh or did a clean install, there's no way I'm going to authorize the key exchange. This is like blaming bullet proof vests for the moron that decided to wear his like a turban. :) Is there something I'm missing here? -Alfred * Moses Backman III [001218 10:37] wrote: > > On 2000.12.18 07:48:55 +0000 Todd Backman wrote: > > > > FYI: > > > > The End of SSL and SSH? > > > > Yesterday, dsniff 2.3 was released. Why is this important, you ask? > > dsniff > > 2.3 allows you to exploit several fundamental flaws in two extremely > > popular encryption protocols, SSL and SSH. SSL and SSH are used to > > protect > > a large amount of network traffic, from financial transactions with > > online > > banks and stock trading sites to network administrator access to secured > > hosts holding extremely sensitive data. Could this singal the end of SSH > > or SSL? > > > > Read the full story here: > > http://securityportal.com/cover/coverstory20001218.html > > > > > > - Todd > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message