[squeak-dev] Re: SqueakSource question
flipityskipit at hotmail.com
Thu Feb 25 17:46:05 UTC 2010
But he was only wrong the once. He did it purposely just to see what it felt like.
> Date: Wed, 24 Feb 2010 14:20:32 +0100
> From: andreas.raab at gmx.de
> To: squeak-dev at lists.squeakfoundation.org
> Subject: [squeak-dev] Re: SqueakSource question
> K. K. Subramaniam wrote:
> > On Wednesday 24 February 2010 04:23:58 am Andreas Raab wrote:
> >> http://www.wireshark.org/
> >> 'nuff said. An hour in promiscuous mode on a public network will likely
> >> be enough to net you a couple of "interesting" passwords. If you write a
> >> custom filter that just greps for "Authorization: Basic" you can watch
> >> those passwords in real-time
> > Please don't even try this.
> > Decoding passwords on a public network without authorization could run foul of
> > local laws in many countries. Technical feasibility or academic interest is
> > not sufficient excuse.
> Absolutely! This was *not* an invitation to try it. It was an attempt to
> scare the hell out of all of you who think "basic auth is fine" by
> showing just how trivial it would be for an attacker in the right
> location to sniff your passwords.
> Basic auth is *not* fine. Bruce Schneier isn't always right, but that
> doesn't mean he's always wrong.
> - Andreas
Hotmail: Powerful Free email with security by Microsoft.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Squeak-dev