Aye! What he said! Question: So with a "mitm" attack even ssl (https) isn't safe? The person doing the attack can see encrypted passwords?
--Manny

On Sun, Dec 28, 2008 at 9:50 AM, Roger E. Rustad, Jr. <[email protected]> wrote:
> Hey guys,
>
> I would like to formally address the "man in the middle" script kiddie
> stuff that Dan Tentler was doing to the SoCal Linux group last night at
> the coffee shop.
>
> Personally, I take issue with Dan...
>
> (a) Not formally and publicly disclosing that he was using Backtrack to
> sniff other members' traffic.
> (b) Not immediately getting rid of another member's gmail password once
> he handed out a fake certificate and sniffed it with Ethereal.
> (c) Doing what he was doing secretly, rather than for the edification of
> the group
> (d) Changing the of an otherwise friendly meeting.
>
> I consider Dan's actions last night tantamount to pickpocketing fellow
> members when we're having a discussion that's not about pickpocketing.
>
> I also would argue that if we, as a group, are going to be cool with
> other members (or, in this case, a friend of a member) secretly doing
> this kind of thing to each other, then we have an obligation to inform
> newbies in our group who do not know any better, particularly
> unsuspecting friends, girlfriends, coworkers, or kids who sometimes
> accompany us.
>
> Our meetings are not mini Defcons or 2600 meetups, and it's not
> reasonable for new people to come and expect this type of sophomoric
> crap to take place. When one goes to Defcon, one can reasonably expect
> to get messed with. It is the nature of the conference, and much of what
> is done is often made public for everyone's edification (e.g. Wall of
> Shame).
>
> I like to think of SoCal Linux as a group of open source advocates who
> work at places like Apple, Google, Microsoft, ESRI, etc. Kiddie
> scripting is not, in my opinion, the tone of our group, and if we are
> going to be cool with someone doing this sort of thing, then we
> should ask the person in question to formally disclose what s/he is
> doing beforehand or perhaps make a public presentation about it, not do
> it on the side secretly.
>
> I would be curious to know what other people in the group think about
> this. (Dan Tentler is cc'd on this, as well)
>
> Rog
