2009/7/7 Aryeh Gregor <[email protected]>: > But really -- have there been *any* confirmed incidents of MITMing an > Internet connection in, say, the past decade? Real malicious attacks > in the wild, not proof-of-concepts or white-hat experimentation? I'd > imagine so, but for all people emphasize SSL, I can't think of any > specific case I've heard of, ever. It's not something normal people > need to worry much about, least of all for Wikipedia.
Nope. The SSL threat model is completely arse-backwards. It assumes secure endpoints and a vulnerable network. Whereas what we see in practice is Trojaned endpoints and no-one much bothering with the network. - d. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
