From: "Sean Courtney" <[EMAIL PROTECTED]>
> sending credit card info, with or without a secure page. The author brought
> up the point that e-mail and web info is broken up into several packets, and
> even if they were intercepted by a hacker/thief/whatever, they'd have to
> somehow piece the packets together the exact right way...
That's totally easy, as you don't need to follow the full data stream,
you just need to check for patterns. A standard Linux installation
with tcpdump and grep is enough to check a LAN for potential
credit card data (or FTP passwords, or telnet logins, or POP3
logins).
The "Security by Obfuscation" approach doesn't provide security,
just a false feeling of it (like implementing a cryptographically strong
cipher and using the output of time() as a key, like Netscape 2.x
did :)
Olli
--
Oliver Wagner <[EMAIL PROTECTED]> http://www.vapor.com/
Finger: [EMAIL PROTECTED] ICQ: you're kidding :)
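
Added example, not part of the original message: a per-packet check of the kind a DLP sensor runs on its own network, showing that a card number sent in cleartext is flagged from a single payload with no stream reassembly, while a TLS-protected payload yields nothing. The payloads are constructed samples (the card number is the well-known 4111... test value) and the function names are illustrative assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids, timestamps and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first 6 / last 4 so the alert itself does not leak the number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_payload(payload: bytes) -> list[str]:
    """Return masked card numbers found in one packet payload."""
    hits = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

# Constructed sample payloads, one per packet (no reassembly performed).
SAMPLE_PACKETS = [
    # Cleartext HTTP form post: the whole number sits inside one segment.
    b"POST /order HTTP/1.0\r\n\r\nname=J+Doe&card=4111111111111111&exp=0199",
    # 16-digit order reference that fails Luhn: must not be reported.
    b"GET /status?order=1234567890123456 HTTP/1.0\r\n\r\n",
    # Stand-in for a TLS application-data record: nothing to match.
    b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0)),
]

def scan_packets(packets):
    """Map packet index -> masked findings, for packets with at least one hit."""
    return {i: h for i, p in enumerate(packets) if (h := scan_payload(p))}

if __name__ == "__main__":
    for idx, found in scan_packets(SAMPLE_PACKETS).items():
        print(f"packet {idx}: cleartext card data {found}")
```
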