Phil Pennock wrote:
> On 2009-03-02 at 18:36 -0800, Michael G Schwern wrote:
>> Tony Finch wrote:
>>> On Mon, 2 Mar 2009, Francisco Olarte Sanz wrote:
>>>> I think the point made by the original poster is valid, if you use an
>>>> encrypted unauthenticated connection you cannot just be sniffed, you
>>>> need to be subject to a MITM or similar attack.
>>> That's so difficult!
>> Yes, MITM is difficult.
>
> Bull. Go ahead and install dsniff, read the man-pages for the utilities
> that software provides.
>
> You're spewing forth crap and are too ignorant to realise it.
Jesus Christ, calm down. It's the software we hate. People are merely targets for pity and loathing.

The sorts of things dsniff can do are easily defeated by an "am I talking to the same ident as last time" system like ssh uses. It only works if you A) ignore the security warnings saying "HEY! THIS ISN'T THE SAME GUY!" or B) contact a self-signed host for the first time to which you then send sensitive information. If you ignore A, you're an idiot. If you do B on an unsecured network, you're also an idiot.

It also requires some crafting and social hacking on the part of the attacker. At minimum, they have to guess which web sites folks on the LAN are going to connect to which will net them valuable information, because you don't want to just inject self-signed certs everywhere. That would rapidly be noticed. The scenario in the FAQ of "conference terminal rooms or webcafes as most traveling SSH users don't carry their server's key fingerprint around with them" is becoming less and less likely as more and more people carry laptops or their own apps on a USB key.

It's also an active attack that can be noticed. Either the network can automatically watch for it, or an alert user will notice there's an awful lot of self-signed certs all of a sudden. This makes it more likely you'll get either shut down or, worse, caught.

dsniff has made MITM a whole lot easier, but it's still nothing compared to opening up the big tcpdump sack, stuffing in all the in-the-clear packets you can get for an hour and walking off with the booty. Feel free to ignore the really important addendum of "compared to the ease of sniffing unencrypted packets" and beat on the straw man of your choice.

The original point was that trying to solve encryption + identity is holding back ubiquitous encryption. Waving your arms around about OMG IT DOESN'T SOLVE MITM is just that. I want easy encryption everywhere with selective use of expensive identity certification as necessary.
Security is a trade-off between protection and mobility. Ask any tank designer: you put the heaviest armor where it's most likely to get hit. -- Insulting our readers is part of our business model. http://somethingpositive.net/sp07122005.shtml
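The key-continuity check the post describes (ssh's known_hosts model: pin the identity on first contact, warn when it changes) and the "burst of changed certs gets noticed" detection it mentions, as an added example that is not part of the thread. The host keys are constructed byte strings standing in for real public keys; the fingerprint is SHA-256 over those bytes, as ssh-keygen's SHA256: fingerprints are. The host names and the 60-second window / threshold of 4 are assumptions for illustration.

```python
"""Trust-on-first-use key continuity check in the style of ssh's known_hosts.
Added example, not code from the thread. Keys below are constructed stand-ins."""
import base64
import hashlib
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FIRST_CONTACT = "first-contact"   # never seen this host: pin the key (TOFU)
MATCH = "match"                   # same key as last time
MISMATCH = "MISMATCH"             # different key: MITM or a legitimate rekey

# Constructed stand-ins for real server public keys (not real key material).
BANK_KEY = b"ssh-ed25519 AAAA...constructed-real-bank-key"
ATTACKER_KEY = b"ssh-ed25519 AAAA...constructed-dsniff-generated-key"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint, base64 without padding (ssh-keygen -E sha256 style)."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass
class KnownHosts:
    pins: Dict[str, str] = field(default_factory=dict)              # host -> fingerprint
    events: List[Tuple[float, str, str]] = field(default_factory=list)  # (time, host, verdict)

    def check(self, host: str, pubkey: bytes, now: Optional[float] = None) -> str:
        """Return FIRST_CONTACT, MATCH or MISMATCH for this connection.

        FIRST_CONTACT pins the key (the risky step if the network is hostile).
        MISMATCH does *not* replace the pin: the user has to remove it by hand,
        just like editing known_hosts after ssh's HOST IDENTIFICATION HAS CHANGED warning.
        """
        now = time.time() if now is None else now
        fp = fingerprint(pubkey)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            verdict = FIRST_CONTACT
        elif pinned == fp:
            verdict = MATCH
        else:
            verdict = MISMATCH
        self.events.append((now, host, verdict))
        return verdict

    def anomaly_burst(self, window: float, threshold: int, now: float) -> bool:
        """True when non-MATCH verdicts in the last `window` seconds reach `threshold`.
        A pile of new or changed keys all at once is the noticeable tell of an
        active attacker spraying forged identities at the LAN."""
        recent = [e for e in self.events if e[2] != MATCH and now - e[0] <= window]
        return len(recent) >= threshold


def scenario() -> dict:
    """Walk through cases A and B from the post; returns the verdicts for inspection."""
    kh = KnownHosts()
    t0 = 1_000_000.0
    out = {}
    # Day one, on a trusted network: first contact pins the real key.
    out["pin"] = kh.check("bank.example", BANK_KEY, t0)
    # Later, same key presented: nothing to see.
    out["ok"] = kh.check("bank.example", BANK_KEY, t0 + 3600)
    # Conference wifi with a dsniff-style MITM: forged key is flagged and the
    # real pin survives. Clicking through this warning is case A.
    out["mitm"] = kh.check("bank.example", ATTACKER_KEY, t0 + 7200)
    out["pin_survives"] = kh.pins["bank.example"] == fingerprint(BANK_KEY)
    # Case B: a host contacted for the *first* time on the hostile network gets
    # the attacker's key pinned, and continuity alone cannot tell the difference.
    out["first_contact_on_hostile_net"] = kh.check("mail.example", ATTACKER_KEY, t0 + 7201)
    # The attacker sprays forged keys at everything on the LAN; the burst of
    # non-matching verdicts in a short window is what gets it noticed.
    for i, host in enumerate(["wiki.example", "shop.example", "news.example"]):
        kh.check(host, ATTACKER_KEY, t0 + 7202 + i)
    out["burst"] = kh.anomaly_burst(window=60, threshold=4, now=t0 + 7210)
    return out


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The point the code makes concrete: the continuity check stops the replay of dsniff's forged identity against a host you have pinned, but it is blind on first contact, and what turns a quiet MITM into a noisy one is the number of hosts whose identity changes at the same time.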