[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SecurityPortal re: Attacks on SSH and SSL
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: SecurityPortal re: Attacks on SSH and SSL
- From: Dug Song <dugsong_(_at_)_monkey_(_dot_)_org>
- Date: Mon, 18 Dec 2000 14:15:10 -0500
On Mon, Dec 18, 2000 at 10:43:51AM -0600, Mark Beihoffer wrote:
> Please comment, as OpenBSD uses SSH in the default install.
see the dsniff FAQ for background.
i disagree somewhat with what mats said - i believe you actually can
fight stupid users, if you're an experienced BOFH armed with the right
for instance, this is how we used dsniff to get rid of plaintext
network authentication at CITI:
btw, i checked the error messages OpenSSH produces in the face of a
monkey-in-the-middle attack with both Niels and Markus, and i think
they're obnoxious enough now to give even the most clueless of users
pause to consider what's actually going on when a host key changes.
this is really the best you can hope for, when our technology is so
prone to user error...