On Thu, 17 Sep 2009, Eugen Leitl wrote:
Look at everything Grobbage says at below URL. I honestly don't know into which cathegory to place him. If he's genuine, the state of the art is quite a bit more advance than I've thought (active MITM for system compromise instead of just passive taps).
I suspect he's doing what I've done on several dozen systems: he's attacking novice users who leave passwords cached, private and public keys together, weak passwords across all systems and encrufted (Gates' version of 'encrypted :-) or encrypted files. As for the wirespeed intercept on the backbone, thats OLD news: we were doing in the core at Savvis back in 2000. He's exploiting the stupid, not the real users. And lets face it - most users have less than a clue. //Alif -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xF6D40CF5 0xpgp_key_mgmt_is_broken-dont_bother "Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty." Joseph Pulitzer 1907 Speech