[pp.int.general] pp.international.general Digest, Vol 19, Issue 19
Glenn Kerbein
glenn.kerbein at pirate-party.us
Thu Sep 18 16:52:45 CEST 2008
"""
These two points make an interesting contrast. Skype is also non-free
software (thus tailor-made for such abuse).
"""
I agree with this point. Although, there are a few contacts I know that
will ONLY use Skype for internet communication, because they have
analyzed it's traffic, and feel it's safe.
Personally, I dislike it. It's generally just bad software, it looks
horrible, it's fairly unreliable for those with a lower-end internet
connection, like those with ADSL.
"""
Can someone say where I could get more info in English about this
vulnerability in SSL? I thought SSL certificates were supposed to
prevent this.
"""
In theory, it is possible to perform a MITM with SSL, if you're on the
same network, say a cafe. You could run ettercap and act as the router
in order to intercept traffic, and alter DNS information/lookups. It's
much easier to do this with sites that have self-signed certificates,
since most people just blow these off as "I have to add this
certificate AGAIN?" But it's much harder to do with CA-signed
certificates and SSH sessions/keys.
--
Glenn Kerbein
Co-Administrator
Pirate Party of the United States
glenn.kerbein at pirate-party.us
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.pirateweb.net/pipermail/pp.international.general/attachments/20080918/daa91ba2/attachment-0001.pgp
More information about the pp.international.general
mailing list