This can be gathered without any such spamming.
[EMAIL PROTECTED] wrote:
> this is probably a bit off topic, and i am not overly familiar with the
> cryptanalisis of SSL or mod_ssl, and don't spend a lot of time in these
> areas
>
> given,
> 1. that people on the [EMAIL PROTECTED] list are probably system
> administrators.
> 2. probably work within the domain that the mod_ssl is installed in
> 3. probably use client certificates.
> 4. will send an email, hence a system administrators username to this
> spammer
> 5. visit the http and https servers of this spammer
> 6. this spammer could collect the information sent in https GET requests.
> 7. i am paranoid
> 8. even the paramoid have enemies
>
> could a security hole in the mod_ssl implmentation be derived from an
> analysis of a large volume of this information, say a statistical attack on
> RSA encryption / decryption exponents which could lead to the factoring of a
> modulus. or some such long dry math stuff?
>
> If an statistical attack of some form is possible how much information might
> be needed. (it is probable that there are a lot of mights and probables in
> this question)
>
> :) chris
>
> ----- Original Message -----
> From: "Colin Faber" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, October 11, 2000 2:40 PM
> Subject: Re: Who is this clueless moron?
>
> > See, Just another reason why clue less people shouldn't have internet
> > access..
> >
> >
> >
> > "Michael T. Babcock" wrote:
> >
> > > Very astute of you to try https. I think the private E-mails I sent him
> > > earlier may have helped him re-think things too ... but I don't know.
> > >
> > > Lets all hope ;-).
> > >
> > > James Treworgy wrote:
> > >
> > > > The answer lies..
> > > >
> > > > https://www.ahresources.org
> > > >
> > > > (https, not http)
> > > >
> > > > He got to ModSSL via the "Apache Interface to SSLEay" link. I guess he
> > > > missed the next paragraph that reads
> > > >
> > > > "ATTENTION! f you are seeing this page instead of the site you
> > > > expected, please contact the administrator of the site involved.
> > > > Although this site is running the Apache software it almost certainly
> > > > has no other connection to the Apache Group, so please do not send
> > > > mail about this site or its contents to the Apache authors. If you do,
> > > > your message will be ignored"
> > > >
> > > > Apparently he's ceased his attack, and hopefully in his second day of
> > > > life on the internet he'll be a little more careful before shooting
> > > > everything that moves...
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
