Re: Sniffing SSH and HTTPS

2001-09-02 Thread Jan-Hendrik Palic
Hi ... On Sat, Sep 01, 2001 at 04:54:32PM -0500, Rob Zietlow wrote:
>So it's not as much of an insecurity in the connections, it's mostly a user
>issue. Watch your keys, especially when they change unexpectedly (school
>changes theirs every 6 months).
Ok .. I thought of it ... :) Thnx for a

Re: Sniffing SSH and HTTPS

2001-09-01 Thread Rob Zietlow
lic wrote:
> Hi all...
>
> I have a small question.
>
> I found on SF a small tool, which may sniff SSH and HTTPS (not
> tested).
>
> The Url is :
>
> http://ettercap.sourceforge.net/
>
> Is it possible? Are SSH and HTTPS

Re: Sniffing SSH and HTTPS

2001-08-29 Thread Hubert Chan
> "Michael" == Michael Wood <[EMAIL PROTECTED]> writes:
[...]
Michael> Ahhh, but this is quite easily guessable, since for most stuff
Michael> you type, the server echoes it. For passwords, it doesn't.
Michael> i.e. just watch the SSH session, a

Re: Sniffing SSH and HTTPS

2001-08-29 Thread Ethan Benson
On Wed, Aug 29, 2001 at 01:40:20PM +0100, Eric E Moore wrote:
> > "Michael" == Michael Wood <[EMAIL PROTECTED]> writes:
>
> Michael> Ahhh, but this is quite easily guessable, since for most
> Michael> stuff you type, the server echoes it. For passwords, it
> Michael> doesn't. i.e. just watch

Re: Sniffing SSH and HTTPS

2001-08-29 Thread Eric E Moore
> "Michael" == Michael Wood <[EMAIL PROTECTED]> writes:
Michael> Ahhh, but this is quite easily guessable, since for most
Michael> stuff you type, the server echoes it. For passwords, it
Michael> doesn't. i.e. just watch the SSH session, and when you see
Michael> packets going to the server

Re: Sniffing SSH and HTTPS

2001-08-29 Thread Michael Wood
On Tue, Aug 28, 2001 at 05:57:39PM -0600, Hubert Chan wrote:
> > "Richard" == Richard <[EMAIL PROTECTED]> writes:
>
> [...]
>
> Richard> There is also an analysis of the ssh packetstream
> Richard> revealing the number of chars in the passwd.

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Hubert Chan
> "Richard" == Richard <[EMAIL PROTECTED]> writes:
[...]
Richard> There is also an analysis of the ssh packetstream revealing the
Richard> number of chars in the passwd.
Small clarification: this may reveal the number of characters in any password

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Ethan Benson
On Tue, Aug 28, 2001 at 06:44:59PM +0200, Davy Gigan wrote:
> Jan-Hendrik Palic writes:
> > http://ettercap.sourceforge.net/
> >
> > Is it possible? Are SSH and HTTPS connections unsecure and how do we
> > make it secure then?
>
> old ssh protocol v1.5 IS a security hole, you can sniff it. I d

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Alvin Oga
hi ya
and for the list of the rest of the sniffers to check out...
http://www.Linux-Sec.net/Sniffer
one of the boxes i had over the past 3 years was sniffed ... probably ssh-1.x series ... just didn't know how they did it 3 yrs ago - no damage done ... but a good trick...
have fu

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Richard
On Tue, 28 Aug 2001, Jan-Hendrik Palic wrote:
> Hi all...
>
> I have a small question.
>
> I found on SF a small tool, which may sniff SSH and HTTPS (not
> tested).
>
> The Url is :
>
> http://ettercap.sourceforge.net/
>
> Is it possible? Are SSH and H

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Davy Gigan
Jan-Hendrik Palic writes:
> >Don't know for https, but that's not a surprise then.
>
> Why?
https is based on ssl, so does ssh, if one can be sniffed, why wouldn't it be same for the other ? I think (and i may (must) be wrong) that https sniffing is based on weakness of ssl when used in https (

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Davy Gigan
Jan-Hendrik Palic writes:
> >Don't know for https, but that's not a surprise then.
>
> Why?
Because of the sentence below : 'Remember there is no 100% secure software.' ;-)
--
Davy Gigan System & Network Administration University Of Caen (France)

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Jan-Hendrik Palic
Hi .. On Tue, Aug 28, 2001 at 06:44:59PM +0200, Davy Gigan wrote:
>Jan-Hendrik Palic writes:
> > http://ettercap.sourceforge.net/
> >
> > Is it possible? Are SSH and HTTPS connections unsecure and how do we
> > make it secure then?
>old ssh protocol v1.5 IS a security hole, you can sniff it. I don

Re: Sniffing SSH and HTTPS

2001-08-28 Thread Davy Gigan
Jan-Hendrik Palic writes:
> http://ettercap.sourceforge.net/
>
> Is it possible? Are SSH and HTTPS connections unsecure and how do we
> make it secure then?
old ssh protocol v1.5 IS a security hole, you can sniff it. I don't know any vulnerability for the last OpenSSH_2.9p2 or OpenSSH_2.5.2p2

Sniffing SSH and HTTPS

2001-08-28 Thread Jan-Hendrik Palic
Hi all...
I have a small question.
I found on SF a small tool, which may sniff SSH and HTTPS (not tested).
The Url is : http://ettercap.sourceforge.net/
Is it possible? Are SSH and HTTPS connections unsecure and how do we make it secure then?
Greetings
