From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 14:13:06 2012
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E8011065677 for ; Tue, 26 Jun 2012 14:13:06 +0000 (UTC) (envelope-from feld@feld.me)
Received: from feld.me (unknown [IPv6:2607:f4e0:100:300::2]) by mx1.freebsd.org (Postfix) with ESMTP id 004D38FC12 for ; Tue, 26 Jun 2012 14:13:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=feld.me; s=blargle; h=In-Reply-To:Message-Id:From:Mime-Version:Date:References:Subject:To:Content-Type; bh=yk+NwxqpOn05YQshISuU6AouHvwastxfoWmqAOTe+yM=; b=rX23TmH5NLD699JoGh9GWXX8uFO6+t9jHNsMDxJe6l1Ps765pwPKov6Fpkr4X9Bp1KsxdH6MTFBrLWtJWQdMkvPFPbPXgY5b1SOPQ8EmDFyqCyYZH7Gm1Var/SYalKfb;
Received: from localhost ([127.0.0.1] helo=mwi1.coffeenet.org) by feld.me with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1SjWVs-000Ctk-CE for freebsd-security@freebsd.org; Tue, 26 Jun 2012 09:13:05 -0500
Received: from feld@feld.me by mwi1.coffeenet.org (Archiveopteryx 3.1.4) with esmtpa id 1340719978-94480-94479/5/55; Tue, 26 Jun 2012 14:12:58 +0000
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
To: freebsd-security@freebsd.org
References: <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org> <20120626024624.4c333bd2@gumby.homeunix.com> <4FE916AA.6050503@FreeBSD.org> <20120626035609.0d0f061b@gumby.homeunix.com> <20120626034727.GA56503@DataIX.net>
Date: Tue, 26 Jun 2012 09:12:57 -0500
Mime-Version: 1.0
From: Mark Felder
Message-Id:
In-Reply-To: <20120626034727.GA56503@DataIX.net>
User-Agent: Opera Mail/12.00 (FreeBSD)
X-SA-Score: -1.5
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 26 Jun 2012 14:13:06 -0000

On Mon, 25 Jun 2012 22:47:27 -0500, J. Hellenthal wrote:

> Still have yet to hear of something like this happening but it's real
> enough considering some of the exploits out there.

Cisco Ironport devices do MITM for SSL and SSH. Clearly someone wrote enough of the code that this is feasible. It doesn't steal your passwords though, just sniffs your unencrypted session traffic to "protect company IP from being leaked". And yes, you'll get an error that the host key has changed but it wouldn't be hard to put in the destination key if you had it.
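The "host key has changed" warning the message refers to is produced by the SSH client comparing the key a server presents against the entry pinned in known_hosts for that host. The following Python snippet is an added illustration of that comparison, not code from this message, the thread, or OpenSSH: it parses plain (unhashed) known_hosts lines, computes OpenSSH-style SHA256 fingerprints, and classifies a presented key as matching, changed, or unknown. The known_hosts entry, host names and ed25519 key blobs are constructed from fixed bytes and are not real keys; `check_host_key` and `fingerprint` are names chosen here.

```python
import base64
import hashlib
import struct


def _wire_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob (constructed test data, not a real key pair;
    only the wire layout matters for fingerprinting)."""
    assert len(raw32) == 32
    return _wire_string(b"ssh-ed25519") + _wire_string(raw32)


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) with '=' padding removed."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (hostnames, keytype, key_b64) for plain known_hosts lines.
    Comments, blank lines and @cert-authority/@revoked markers are skipped for brevity."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, key_b64 = parts[0], parts[1], parts[2]
        yield hosts.split(","), keytype, key_b64


def check_host_key(known_hosts_text: str, host: str, keytype: str, presented_b64: str) -> str:
    """Classify a presented key for (host, keytype):
    'match'   - a pinned entry for this host/keytype has the same fingerprint
    'changed' - an entry exists for this host/keytype but the fingerprint differs
                (this is the condition behind the client's 'host key has changed' error)
    'unknown' - nothing is pinned for this host/keytype (first contact, or a different key type)"""
    presented_fp = fingerprint(presented_b64)
    seen = False
    for hosts, kt, key_b64 in parse_known_hosts(known_hosts_text):
        if host not in hosts or kt != keytype:
            continue
        seen = True
        if fingerprint(key_b64) == presented_fp:
            return "match"
    return "changed" if seen else "unknown"


# Constructed sample data: deterministic bytes standing in for a genuine and a rogue server key.
GENUINE_B64 = base64.b64encode(make_ed25519_blob(bytes(range(32)))).decode()
ROGUE_B64 = base64.b64encode(make_ed25519_blob(bytes(range(32, 64)))).decode()
KNOWN_HOSTS = (
    "# constructed known_hosts sample\n"
    f"host.example,192.0.2.10 ssh-ed25519 {GENUINE_B64}\n"
)

if __name__ == "__main__":
    print("genuine key:", check_host_key(KNOWN_HOSTS, "host.example", "ssh-ed25519", GENUINE_B64))
    print("rogue key:  ", check_host_key(KNOWN_HOSTS, "192.0.2.10", "ssh-ed25519", ROGUE_B64))
    print("new host:   ", check_host_key(KNOWN_HOSTS, "other.example", "ssh-ed25519", GENUINE_B64))
    print("pinned fp:  ", fingerprint(GENUINE_B64))
```

The "changed" result is the point of the pinning: an interposed device that cannot reproduce the pinned key is caught on fingerprint mismatch, whereas a host that has never been seen only yields "unknown", which is why first-contact fingerprints are worth verifying out of band.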