On Wed, Aug 28, 2002 at 01:36:06AM -0700, Nick Jacobsen wrote:
> I just love this... You are telling me that I can't sniff information from
> an SSL session using a mitm attack? the whole point is that you are in the
> middle...

I've used ettercap, I'm familiar with how the attacks work - to me, what you seemed to be saying was that it was possible to decrypt SSL off of the wire. So yes, you're correct that you can use ettercap for an HTTP/SSL MITM attack, but the fact remains that saying that using SSL for a login session is "pointless" is just not accurate.

While an unencrypted connection can be sniffed at places other than the local lan, an SSL-ified one would require DNS cache poisoning to mount a MITM attack. This is easy to defend against, and there's also the fact that the end user will get a certificate warning in this kind of situation (which they'll probably ignore, but this is beside the point), whether the attack is local or remote.

SSL is another layer of security, which, while not bulletproof, is a Good Thing.

Cheers,
David
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 10:50:00 PDT