[squeak-dev] Re: SqueakSource question
Christopher Hogan
flipityskipit at hotmail.com
Thu Feb 25 17:46:05 UTC 2010
Yes,
But he was only wrong the once. He did it purposely just to see what it felt like.
http://www.schneierfacts.com/
Chris Hogan
> Date: Wed, 24 Feb 2010 14:20:32 +0100
> From: andreas.raab at gmx.de
> To: squeak-dev at lists.squeakfoundation.org
> Subject: [squeak-dev] Re: SqueakSource question
>
> K. K. Subramaniam wrote:
> > On Wednesday 24 February 2010 04:23:58 am Andreas Raab wrote:
> >> http://www.wireshark.org/
> >>
> >> 'nuff said. An hour in promiscuous mode on a public network will likely
> >> be enough to net you a couple of "interesting" passwords. If you write a
> >> custom filter that just greps for "Authorization: Basic" you can watch
> >> those passwords in real-time
> > Please don't even try this.
> >
> > Decoding passwords on a public network without authorization could run foul of
> > local laws in many countries. Technical feasibility or academic interest is
> > not sufficient excuse.
>
> Absolutely! This was *not* an invitation to try it. It was an attempt to
> scare the hell out of all of you who think "basic auth is fine" by
> showing just how trivial it would be for an attacker in the right
> location to sniff your passwords.
>
> Basic auth is *not* fine. Bruce Schneier isn't always right, but that
> doesn't mean he's always wrong.
>
> Cheers,
> - Andreas
>
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/201469230/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20100225/617a40f5/attachment.htm
More information about the Squeak-dev
mailing list
|