this is probably a bit off topic, and i am not overly familiar with the
cryptanalisis of SSL or mod_ssl, and don't spend a lot of time in these
areas
given,
1. that people on the [EMAIL PROTECTED] list are probably system
administrators.
2. probably work within the domain that the mod_ssl is installed in
3. probably use client certificates.
4. will send an email, hence a system administrators username to this
spammer
5. visit the http and https servers of this spammer
6. this spammer could collect the information sent in https GET requests.
7. i am paranoid
8. even the paramoid have enemies
could a security hole in the mod_ssl implmentation be derived from an
analysis of a large volume of this information, say a statistical attack on
RSA encryption / decryption exponents which could lead to the factoring of a
modulus. or some such long dry math stuff?
If an statistical attack of some form is possible how much information might
be needed. (it is probable that there are a lot of mights and probables in
this question)
:) chris
----- Original Message -----
From: "Colin Faber" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 11, 2000 2:40 PM
Subject: Re: Who is this clueless moron?
> See, Just another reason why clue less people shouldn't have internet
> access..
>
>
>
> "Michael T. Babcock" wrote:
>
> > Very astute of you to try https. I think the private E-mails I sent him
> > earlier may have helped him re-think things too ... but I don't know.
> >
> > Lets all hope ;-).
> >
> > James Treworgy wrote:
> >
> > > The answer lies..
> > >
> > > https://www.ahresources.org
> > >
> > > (https, not http)
> > >
> > > He got to ModSSL via the "Apache Interface to SSLEay" link. I guess he
> > > missed the next paragraph that reads
> > >
> > > "ATTENTION! f you are seeing this page instead of the site you
> > > expected, please contact the administrator of the site involved.
> > > Although this site is running the Apache software it almost certainly
> > > has no other connection to the Apache Group, so please do not send
> > > mail about this site or its contents to the Apache authors. If you do,
> > > your message will be ignored"
> > >
> > > Apparently he's ceased his attack, and hopefully in his second day of
> > > life on the internet he'll be a little more careful before shooting
> > > everything that moves...
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
