17 Dec 2003, 11:17 p.m.
Marc Horowitz says:
You're exactly right. However, getting people to deploy real security systems is nearly impossible. My company sells a Kerberos system, and although everyone is saying they want security, nobody really understands what this means, and as soon as we tell them that it actually involves effort, they become far less interested.
Kerberos per se isn't sufficient to defend against session hijacking attacks, you know. The situation in question is really insidious and requires packet-by-packet cryptographic authentication.
Perry