[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- To: Simon Smith <simon@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
- From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 13:19:53 -0500
> As suspected... so I am correct; and it is a security threat. I can
> compromise a network, arp poison it, MiTM, access the firewall,
> distributed metastasis, presto... owned...
You are completely missing the point. Did you read my first response?
If you properly use your PKI, then doing a simple MitM attack, as you
describe, is not possible without bells and whistles going off in your
browser.
There are plenty of SSL & PKI tutorials online. I suggest you read
some.
tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/