[squeak-dev] SqueakSource question

Ronald Spengler ron.spengler at gmail.com
Wed Feb 24 22:56:19 UTC 2010


It might be worth noting that your packets have to make a journey
across multiple networks before arriving at their destination. Someone
sniffing traffic *anywhere on that route* should be able to see your
creds if you aren't using encryption.

I don't know this for sure, but I've heard that cable Internet
providers put whole blocks of customers on the same switch. Is there a
security implication there?

On Wednesday, February 24, 2010, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:
>>>>>> "Andreas" == Andreas Raab <andreas.raab at gmx.de> writes:
>
> Andreas> Absolutely! This was *not* an invitation to try it. It was an attempt
> Andreas> to scare the hell out of all of you who think "basic auth is fine" by
> Andreas> showing just how trivial it would be for an attacker in the right
> Andreas> location to sniff your passwords.
>
> Even simpler, install ettercap, available in most packaging systems,
> and type:
>
>   sudo ettercap -Tzqi $INTERFACE
>
> where $INTERFACE is your default network interface.
>
> *All* you see is decoded passwords in the clear for any of a dozen different
> protocols, for anything publicly decodable zipping by your interface.
>
> As self defense, I run this *to verify I'm not leaking* whenever I'm connected
> to a public LAN (like wifi or a conference-provided ether hub), and was amazed
> at how many passwords I used to leak.  In fairness, I've been known to call
> out loud to people around me phrases like "jeremyq - better change your
> password when you get home", eliciting shock from someone sitting nearby. :)
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
> See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
>
>

-- 
Ron
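
The self-check described in this thread, as an added example that is not part of the original messages: it audits one of your own outgoing HTTP requests for Basic auth credentials, which are only Base64-encoded and therefore readable on the wire without TLS. The function name `audit_request`, the host `example.invalid` and the credentials in `SAMPLE` are constructed for illustration.

```python
import base64

AUTH_HEADERS = ("authorization", "proxy-authorization")

def audit_request(raw: bytes, tls: bool) -> list:
    """Report Basic auth credentials carried by one outgoing HTTP request.

    raw is the request as sent by your own client; tls says whether the
    connection carrying it was encrypted. The password itself is never
    returned, only its length.
    """
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in AUTH_HEADERS:
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            # Base64 is an encoding, not encryption: no key is needed here.
            decoded = base64.b64decode(token.strip(), validate=True)
        except ValueError:
            findings.append({"header": name.strip(), "malformed": True})
            continue
        user, colon, password = decoded.decode("utf-8", "replace").partition(":")
        if not colon:
            findings.append({"header": name.strip(), "malformed": True})
            continue
        findings.append({
            "header": name.strip(),
            "malformed": False,
            "user": user,
            "password_len": len(password),
            # Without TLS every hop on the route sees the header as sent.
            "exposed_on_path": not tls,
        })
    return findings

# Constructed sample request (not captured traffic).
SAMPLE = (b"GET /ss/project HTTP/1.1\r\nHost: example.invalid\r\n"
          b"Authorization: Basic " + base64.b64encode(b"alice:example-pass")
          + b"\r\n\r\n")

if __name__ == "__main__":
    for finding in audit_request(SAMPLE, tls=False):
        print(finding)
```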


