mailing list archives
RE: Web Traffic Security and Eavesdropping
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 12 Nov 2008 11:04:27 -0800
I think it was less than two months ago that there was an alert
about rogue routers spoofing BGP info in order to get traffic for
a chosen destination network sent to an attacker. I seem to
recall seeing a rootkit for IOS talked about as well. Or of
course there could be an insider at an ISP -- perhaps a transit
carrier with no contractual obligation to either endpoint.
Sending sensitive information across the Internet unencrypted
is like mailing it on a postcard. Postal employees are, on the
whole, honourable and honest -- but all it takes is one, somewhere,
or somebody willing and able to get into a mailbox....
From: mojorising [mailto:moj0rising () aim com]
Sent: Monday, November 10, 2008 5:16 PM
To: security-basics () securityfocus com
Subject: Web Traffic Security and Eavesdropping
Hi, there. We all know many web sites out there encrypt
connections with SSL to prevent eavesdropping on user
sessions. In a conversation about this today while securing
web services/ applications of one of our sites, a friend
asked how such a thing is possible if the eavesdropper is not
on the same network as the end-user or server being watched.
I couldn't provide a very good answer and was wondering if
anyone out there could. We know how easy it would be if you
were on the same network or had access to one of the nodes on
either end or even, perhaps, a switch or router, etc in
between those two points.
Basically, the question is, can someone out there in the big,
bad, internet somehow watch all traffic going to and from
another node on the internet (like a web server for example)
without being on the same local network as the node they are
watching? I'm quite sure the answer to this is yes and if
yes, then how is it done?
RE: Web Traffic Security and Eavesdropping David Gillett (Nov 12)
Re: Web Traffic Security and Eavesdropping Adam Pal (Nov 17)