>> 8. @Mohit, can you explain why DoS may somehow deregulation at the
>> databases and how/if they would reveal passwords? (I don't understand
>> what you are trying to say there :P)
>>

I want to elicit that the bottom halves of the kernel may be combined to
make an attack hack for a few moments. DoS attack tools are open
source and for any news on DoS/DDoS attacks, kindly use Google Web
Alerts.

> 1. About the compromised squid box:
> @Mohit: Think at least twice before making such claims. If I design a
> system, not any jerkhead can break into it.

Kindly read at least twice what I wrote - 'I can't assume that your
squid box was compromised, but it is still a possibility'. - if this
'possibility' irks a sys admin, I just appreciate the spirit at least
twice.

> Assuming that HTTPS is unbreakable (which isn't the case in all
> scenarios), any tinkering with the web traffic will get notified on
> the client side.

Self-commented by yourself. HTTPS is breakable! It uses only a
combination of those ciphers for which dedicated clusters have already
been implemented by the pirates of the Caribbean.

> 2. About Kerberos set up for emails:
> Implementing a Kerberos system in place of the cookies and session
> based systems, IMHO will make things less secure. How do you make sure
> that every machine from which you are trying to access a ticket, has a
> proper keytab ? Kerberos works perfectly for small networks, but I
> haven't encountered any publicly available web technology that uses
> Kerberos. Definitely, it needs brainstorming, but with the current
> infrastructure in place, it is impossible to change the entire system.

Can we make a device the only place to open our mail? Can we? Then
let's do that :)

-- 

Mohit Singh

GNU/Linux User Group - Meerut

-- 
l...@iitd - http://tinyurl.com/ycueutm
