On Thu, 6 Jul 2000, Karl J. Runge wrote:
> But let's be practical here. It's about the continuum of risk management
> rather than absolute "NSA level" security.
Of course. I've said it before myself, all security decisions need to be
evaluated in terms of risk/benefit analysis. I mainly wanted to make sure
people were aware of the risks in such a situation.
> Intercept-and-replace attacks are a good deal harder than sniffing
> attacks ....
While true from a purely technical standpoint, a lot of this has been
automated by scripts these days. And someone in a position to sniff your
connection will often be in a position to intercept it.
> Someday, sniffing will be passe and intercept+replace will be par for the
> course ...
Actually, I think the latter used to be more commonplace then it is now.
Everyone used to trust each other, and routing control messages were generally
accepted "on the honor system". These days, source routing and ICMP redirect
messages are almost universally ignored.
> However if I ever needed "NSA level" security, I'd hire you Ben ;-)
LOL. I've actually had to work with people from the NSA. If you think
*I'm* paranoid, you should meet some of them. :-)
--
Ben Scott <[EMAIL PROTECTED]>
| "Meddle not in the affairs of wizards, for they are subtle, and quick |
| to anger." -- J.R.R. Tolkien |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
