Thread: https access
View Single Post
Old 03-12-08, 09:11 AM   #7
Runningman
Registered User
 
Runningman's Avatar
 
Join Date: Feb 2008
Posts: 925
Default Re: https access

Quote:
Sniffing is much easier than MTM, it is enough to sit in somewhere in the connection path and capture the traffic, while MTM must be able to capture _and_ change packets in _both_ directions, for all packets. Not to mention that, above TLS, some browser provide also other consistency check.
Of course, the ISP can do easily MTM, but almost everybody can do sniffing.
wait, what. almost everybody can not do any of these attacks unless they have root access to a machine within your path at the ISP and tier 1 levels, if your worried about DNS cache poisoning then just run a caching DNS server locally. these things arent as easy as you make them out to be. besides what hacker is going to want your nvnews password...sounds kinda wierd to be worring about something like this...
Runningman is offline   Reply With Quote