Re: Web Traffic Security and Eavesdropping

[mojorising <moj0rising () aim com>]

Guys, thanks for these awesome responses.

So, basically, it seems my friend and I were on the right track when
we couldn't think of a way some random person could sniff all (or any)
traffic going to and from a web site (or any node on the Internet)
they don't have access to (or have access to a node somewhere along
the way, like a router or switch). The answer is that it's not really
possible. This statement primarily holds true under somewhat normal
circumstances, of course, aside from hacks like the BGP exploit
mentioned in the Wired article.

Mike



2008/11/12 Jorge L. Vazquez <jlvazquez825 () gmail com>:
> agree with that... has lots of information, but it doesn't say anything
>
>
> Jorge L. Vazquez
> blog: www.pctechtips.org
>
>
> David Crandell wrote:
> > That article is wicked!
> >
> > Kinda one of those blindingly-obvious concepts....
> >
> > Dave Crandell
> > Vice President, Information Systems
> > On Hold Media Group
> > 972-758-1300
> > david () onholdwizard com
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> > Behalf Of Shreyas Zare
> > Sent: Wednesday, November 12, 2008 10:31 AM
> > To: mojorising
> > Cc: security-basics () securityfocus com
> > Subject: Re: Web Traffic Security and Eavesdropping
> >
> > Hi,
> >
> > I think this (http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html)
> > will explain how.
> >
> > Regards,
> >
> > On Tue, Nov 11, 2008 at 6:46 AM, mojorising <moj0rising () aim com> wrote:
> >
> > > Hi, there. We all know many web sites out there encrypt connections with
> > SSL
> >
> > > to prevent eavesdropping on user sessions. In a conversation about this
> > > today while securing web services/ applications of one of our sites, a
> > > friend asked how such a thing is possible if the eavesdropper is not on
> > the
> >
> > > same network as the end-user or server being watched. I couldn't provide a
> > > very good answer and was wondering if anyone out there could. We know how
> > > easy it would be if you were on the same network or had access to one of
> > the
> >
> > > nodes on either end or even, perhaps, a switch or router, etc in between
> > > those two points.
> > >
> > > Basically, the question is, can someone out there in the big, bad,
> > internet
> >
> > > somehow watch all traffic going to and from another node on the internet
> > > (like a web server for example) without being on the same local network as
> > > the node they are watching? I'm quite sure the answer to this is yes and
> > if
> >
> > > yes, then how is it done?
> > >
> > >
> > > Thanks,
> > > Mike
> >
> >
> >
> > --
> > Shreyas Zare
> > Co-Founder, Technitium
> > eMail: shreyas () technitium com
> >
> > ..::< The Technitium Team >::..
> > Visit us at www.technitium.com
> > Contact us at theteam () technitium com
> >
> > "Even if you're on the right track, you'll get run over if you just sit
> > there."
> > --Will Rogers
> >
> > "So run ..."
> > -- Shreyas Zare
> >
> > Join Sci-Tech News group and get the latest science & technology news
> > in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
> > to join.