[squeak-dev] Re: SqueakSource question

Christopher Hogan flipityskipit at hotmail.com
Thu Feb 25 17:46:05 UTC 2010

But he was only wrong the once.  He did it purposely just to see what it felt like.

Chris Hogan 

> Date: Wed, 24 Feb 2010 14:20:32 +0100
> From: andreas.raab at gmx.de
> To: squeak-dev at lists.squeakfoundation.org
> Subject: [squeak-dev] Re: SqueakSource question
> K. K. Subramaniam wrote:
> > On Wednesday 24 February 2010 04:23:58 am Andreas Raab wrote:
> >> http://www.wireshark.org/
> >>
> >> 'nuff said. An hour in promiscuous mode on a public network will likely 
> >> be enough to net you a couple of "interesting" passwords. If you write a 
> >> custom filter that just greps for "Authorization: Basic" you can watch 
> >> those passwords in real-time
> > Please don't even try this.
> > 
> > Decoding passwords on a public network without authorization could run foul of 
> > local laws in many countries. Technical feasibility or academic interest is 
> > not sufficient excuse.
> Absolutely! This was *not* an invitation to try it. It was an attempt to 
> scare the hell out of all of you who think "basic auth is fine" by 
> showing just how trivial it would be for an attacker in the right 
> location to sniff your passwords.
> Basic auth is *not* fine. Bruce Schneier isn't always right, but that 
> doesn't mean he's always wrong.
> Cheers,
>    - Andreas
Hotmail: Powerful Free email with security by Microsoft.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20100225/617a40f5/attachment.htm

More information about the Squeak-dev mailing list