> That aside, this hole could be useful in a situation where Party A wants
> to help Party B compromise a system without leaving a paper trail. Party
> A trojans an ssh client binary, Innocent Bystander C does an ssh
> connection somewhere, and Party B sniffs the cleartext traffic. No
> evidence to point to Party B. If instead Party A trojaned the binary to
> send Party B a carbon-copy, and a white hat could extract this, then Party
> B is implicated.
>
> jm

Nonsense. He could just as easily trojan ssh to broadcast the encryption key. If he can sniff the cleartext traffic, he can sniff the key. The point stands -- a server cannot protect you against a client compromise.

DS
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:17 PDT