Re: Secure Yahoo logins

From: David Thiel (lxat_private)
Date: Tue Aug 27 2002 - 21:06:14 PDT

Next message: Roland Postle: "Re: Secure Yahoo logins"

Previous message: David Schwartz: "Re: Secure Yahoo logins"
In reply to: Nick Jacobsen: "Re: Secure Yahoo logins"
Next in thread: Nick Jacobsen: "Re: Secure Yahoo logins"
Reply: Nick Jacobsen: "Re: Secure Yahoo logins"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 27, 2002 at 08:36:40PM -0700, Nick Jacobsen wrote:
> it supports SSH(Secure Telnet) 

SSH is not even remotely like "Secure Telnet".

> and SSL(HTTPS) decryption and sniffing, as

Only if you have the server's keypair.

> I guess my main point is that if you are having your users log in using
> "secure log in" for the express reason of making it so their password cannot
> be sniffed, it is pointless, as anyone can STILL sniff it!

There's a higher difficulty level involved with MITM attacks, and
measures can be taken to prevent and/or recognize such attacks.
SSL is not a panacea, but it's a useful layer of security.  The
fact that MITM attacks exist is not proper rationale for abandoning
the use of encryption.

Next message: Roland Postle: "Re: Secure Yahoo logins"
Previous message: David Schwartz: "Re: Secure Yahoo logins"
In reply to: Nick Jacobsen: "Re: Secure Yahoo logins"
Next in thread: Nick Jacobsen: "Re: Secure Yahoo logins"
Reply: Nick Jacobsen: "Re: Secure Yahoo logins"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 21:09:43 PDT