[PLUG] Secret message web page

Wil Cooley wcooley at nakedape.cc
Mon Apr 16 17:20:03 UTC 2007


Charlie Schluting wrote:

> Everyone is always uppity about MITM attacks. The truth is, nobody can
> MITM you out on the big bad internet. That'd require compromising an
> ISP's core router, and mirroring a port to a compromised box. Oh, and
> the ability to inject packets, so said compromised box would have to be
> attached to the same router. It's very unlikely to find such an environment.

You're right about being uppity about MITM attacks--they're fairly hard 
to pull off and whatever Keith is exchanging is probably not worth a 
cracker's time.

It's not impossible, though--if you were, for example, a federal agent 
granted powers of warrantless wire-tapping or just cozy with compliant 
megacoms.

> If this will be used by many people, I'd suggest password protecting it
> first of all. Buying a $20 SSL cert from GoDaddy is also a good idea.
> (Yes, their CA cert is in everyone's browser)

With certs available so cheaply, it's probably worthwhile if for no 
other reason than to not have to repeatedly explain to people that they 
just need to accept the cert and move on.

Wil



