While these tangents are interesting, my original question is still
unanswered. Does anyone have any references to news stories, etc...
about attackers sniffing user's web data and then using it?
This is not a questions of whether sniffing is a real threat, it is.
This is a question of having verifiable proof that this is happening
in order to "convert" the unbelievers. We have verifiable proof that
credit card data is being pilfered in other ways (keyloggers, access
to DB, etc...). Check out the WASC Web Hacking Incident Database for
news stories -
http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml
--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Mar 29 2006
Intro
