Ian G wrote: > Unless you are saying that these sysadms work for > ISPs and they are attacking the traffic passing through, > that would be a threat. So how many of these sys > admins are there? Is the 1/3 a proportion of the ones > caught, or a proportion of total sys admins?
They had been to prison prior to being employed prior to causing havoc on someone's network... I consider all transit providers a threat, especially in light of past performances of carnivore and the like... If the FBI and Verisign can do it, why can't every other ISP in existence? Which brings me back to an earlier reply I seem to be getting silent treatment about, when will the browser warn me about fingerprint changes? At present Verisign controls a fairly well seeded bunch of root certificates and the DNS, and has the potential to MITM most sites in existence... > OK, so this is an accidental artifact of a system, > probably badly configured or with aspects that they > hadn't thought out. Fixed in the beta, I would guess. It's still a threat having that much information and nothing to protect a users password with... If this is going to be one of these arguments you try and knock down all my points because of no test cases made public? -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
