Manny, SSL is safe, as long as you don't accidentally accept a bad cert. I was accepting a cert for pidgin when I accidentally just hit enter for a cert that pop up as I was booting up on the local lan at its a grind. While pidgin was loading I had Firefox loading as well which was logging in to gmail. When that happens, ssl is working fine, but no longer matters.
Chris... On Sun, Dec 28, 2008 at 11:50 PM, Ragi Y. Burhum <[email protected]> wrote: > > >> >> ---------- Forwarded message ---------- >> From: "Roger E. Rustad, Jr." <[email protected]> >> To: SoCal LUG Users List <[email protected]> >> Date: Sun, 28 Dec 2008 09:50:24 -0800 >> Subject: [LinuxUsers] Dan Tentler's script kiddie antics last night >> Hey guys, >> >> I would like to formally address the "man in the middle" script kiddie >> stuff that Dan Tentler was doing to the SoCal Linux group last night at the >> coffee shop. >> >> Personally, I take issue with Dan... >> >> (a) Not formally and publicly disclosing that he was using Backtrack to >> sniff other members' traffic. >> (b) Not immediately getting rid of another member's gmail password once he >> handed out a fake certificate and sniffed it with Ethereal. >> (c) Doing what he was doing secretly, rather than for the edification of >> the group >> (d) Changing the of an otherwise friendly meeting. >> >> I consider Dan's actions last night tantamount to pick pocketing fellow >> members when we're having a discussion that's not about pick pocketing. >> >> I also would argue that if we, as a group, are going to be cool with other >> members (or, in this case, a friend of a member) secretly doing this kind of >> thing to each other, then we have an obligation to inform newbies in our >> group who do not know any better, particularly unsuspecting friends, >> girlfriends, coworkers, or kids who sometimes accompany us. >> >> Our meetings are not mini Defcons or 2600 meetups, and it's not reasonable >> for new people to come and expect this type of sophomoric crap to take >> place. When one goes to Defcon, one can reasonably expect to get messed >> with. It is the nature of the conference, and much of what is done is often >> made public for everyone's edification (e.g. Wall of Shame). >> >> I like to think of SoCal Linux as a group of open source advocates who >> work at places like Apple, Google, Microsoft, ESRI, etc. Kiddie scripting is >> not, in my opinion, the tone of our group, and if we are going to be cool >> with someone doing this sort of thing, then we should should ask the person >> in question to formally disclose what s/he is doing beforehand or perhaps >> make a public presentation about it, not do it on the side secretly. >> >> I would be curious to know what other people in the group think about >> this. (Dan Tentler is cc'd on this, as well) >> >> Rog >> > > NOT cool... > > _______________________________________________ > LinuxUsers mailing list > [email protected] > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > > -- "As we open our newspapers or watch our television screens, we seem to be continually assaulted by the fruits of Mankind's stupidity." -Roger Penrose
