On Thursday 05 October 2006 18:49, Kevin Aebig wrote: > Maybe I'm a bit naïve in this department, but isn't the following pretty > well fact: > 1 - MitM attacks were initially born from Wireless Network Hacking, not on > location.
Geez, Err, no ? See, for instance, the US navy fitting subs out with magnetic induction kit and parking them over undersea cables, never mind just tapping the telegraph lines at the entry points to the US during both world wars. > 2 - A good business based Switch or Firewall, properly configured can and > will prevent / alert against most inhouse hacks / exploits. Nope. For instance, I can install a rougue DHCP server that responds faster than the real one, and redirect all your traffic via me. > 3 - The skills needed to pull a hack of this sort would basically mean that > at one point your company hired a professional security expert, thus > opening the door anyways? Err, what ? Are you saying all security professionals are corrupt ? Or that it can't be pulled off by a spotty 13 year old kid ? > 99.9999% of computer users wouldn't know where to start when it comes to > hacking SSL. They don't understand the client / server communication nor do > they understand the encryption algorithms. This is true though. > I've personally got a couple security guys I use to handle audits for my > clients and though they have ways of pulling this off, it's extremely > difficult... and it's all they do. Pfft. -- Tom Chiverton Helping to administratively enable best-of-breed materials **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255771 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
