It's not eavesdropping I'm concerned about. I'm thinking with this attack you could inject malicious code into otherwise innocuous HTTP traffic. For example, you might add a "Install the latest Google Toolbar!" link straight into the live, functional Google homepage, and even make that link look like it's coming straight from http://google.com, but then host a virus-infected version of Google Toolbar.
-david Tien Tuan Anh Dinh wrote: >> I'm primarily thinking of a wifi office or internet cafe; can't >> everybody sniff everybody else's traffic (including DNS requests)? Does >> this mean that every wifi network is vulnerable to this really easy >> attack, and there's basically no defense other than upgrading all of DNS? > > When your traffic is in plain-text while you're in a wifi cafe, you give > your privacy to the one operating that access point already. > > https was designed for these scenarios. When your traffic is sensitive, > use https. > > I'm wondering what would one gain by eavesdropping unimportant traffic > of others in an Internet cafe? I'm not sure if this attack can cause any > noticeable damage. > > A. > > > > > > _______________________________________________ > p2p-hackers mailing list > p2p-hackers@lists.zooko.com > http://lists.zooko.com/mailman/listinfo/p2p-hackers _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
