<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<div>Wireshark is one of my favorites. The real issue in plain text isn't sending over the wire. </div><div><br></div><div>It's when you are using wireless at your local coffee shop or hotel room (<a href="http://www.blackhat.com/">at the blackhat conference</a>)</div><div><br></div>Other good sources of tools.<br><div><br></div><div><div style="text-indent: 0in !important; "><a href="http://www.metasploit.com" style="text-indent: 0in !important; ">http://www.metasploit.com</a></div><div style="text-indent: 0in !important; ">Originally done in Perl but recently ported to Ruby.</div><div style="text-indent: 0in !important; "><br></div></div><div><a href="http://www.remote-exploit.org/backtrack.html">http://www.remote-exploit.org/backtrack.html</a></div><div><a href="http://www.remote-exploit.org/backtrack.html"></a>Great linux distro for hacking, all the latest white hat tools built in.</div><div><br></div><div><div>Chris Hogan</div><div><br></div></div><div><div><br>> Date: Tue, 23 Feb 2010 14:53:58 -0800<br>> From: andreas.raab@gmx.de<br>> To: squeak-dev@lists.squeakfoundation.org<br>> Subject: [squeak-dev] Re: SqueakSource question<br>> <br>> http://www.wireshark.org/<br>> <br>> 'nuff said. An hour in promiscuous mode on a public network will likely <br>> be enough to net you a couple of "interesting" passwords. If you write a <br>> custom filter that just greps for "Authorization: Basic" you can watch <br>> those passwords in real-time.<br>> <br>> Cheers,<br>> - Andreas<br>> <br>> Chris Cunnington wrote:<br>> > Andreas said: <br>> > <br>> > Which is something that I'm <br>> > absolutely not fond of because it's transmitting your password pretty <br>> > much in plain text, obfuscated as base64. Ouch.<br>> > <br>> > <rant><br>> > <br>> > This won't answer your question, but I'd like to play the Devil's Advocate and as how this is a problem? <br>> > <br>> > I hear a lot of people tout SSL and other things and get antsy about exactly what you're describing, but how do you exploit it? Are there any crackers here? <br>> > <br>> > I went to a local meeting of the 2600 (from the magazine of the same name) and I said I was concerned about security and I'd like to know how to exploit something so I can protect against it. They said, basically, that if you were trying to exploit somebody on another network then it was only really possible by blasting endless password combinations. It seems sitting on a LAN, you can watch the traffic go in and out. On the Internets plural, it's harder or impossible to do. <br>> > <br>> > I've got Fyodor's "NMAP Network Scanning" on my desk right now. OK, you can port scan. You can see what ports are open. Then what? Security seems to me to be a real area of cargo cult programming. Get SSL, or else. <br>> > <br>> > Maybe you want to ignore this, as it, again, doesn't really do anything for your question. But just once I wish somebody would convince me about efforts taken to create security from first principles and not just because Bruce Schneier raised his eyebrow. <br>> > <br>> > </rant><br>> > <br>> > Chris <br>> > <br>> > <br>> > <br>> > <br>> > ------------------------------------------------------------------------<br>> > <br>> > <br>> <br>> <br></div></div> <br /><hr />Hotmail: Free, trusted and rich email service. <a href='http://clk.atdmt.com/GBL/go/201469228/direct/01/' target='_new'>Get it now.</a></body>
</html>