> As suspected... so I am correct; and it is a security threat. I can > compromise a network, arp poison it, MiTM, access the firewall, > distributed metastasis, presto... owned...
You are completely missing the point. Did you read my first response? If you properly use your PKI, then doing a simple MitM attack, as you describe, is not possible without bells and whistles going off in your browser. There are plenty of SSL & PKI tutorials online. I suggest you read some. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
