In message <[EMAIL PROTECTED]>, Anne & Lynn Whee
ler writes:

>
>at a recent cybersecurity conference, somebody made the statement that (of 
>the current outsider, internet exploits, approximately 1/3rd are buffer 
>overflows, 1/3rd are network traffic containing virus that infects a 
>machine because of automatic scripting, and 1/3 are social engineering 
>(convince somebody to divulge information). As far as I know, evesdropping 
>on network traffic  doesn't even show as a blip on the radar screen.

One could argue that that's because of https...

More seriously, eavesdropping on passwords was a *very* big problem 
starting in late 1993.  Part of the problem was that ISPs then didn't 
know better than to put NOC workstations on their backbone LANs; when 
those were compromised, the attackers had wonderfully-placed 
eavesdropping stations.  

                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com (2nd edition of "Firewalls" book)



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to