[pp.int.general] pp.international.general Digest, Vol 19, Issue 19

Christian Hufgard christian.hufgard at piratenpartei-hessen.de
Thu Sep 18 17:04:34 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Richard,

> These two points make an interesting contrast.  Skype is also non-free
> software (thus tailor-made for such abuse).
> 
> Posting your skype account is as much as saying "Please use Skype" to
> the rest of the list.  Is that a good idea?

Well... Skype is neat - unless you are the firewall adminstrator. But
there are enough other ways to communicate with others via voice...

>      and Man-In-The-Middle-Attacks to break
>     > >>>>> SSL-Encryption),
> 
> Can someone say where I could get more info in English about this
> vulnerability in SSL?  I thought SSL certificates were supposed to
> prevent this.

There was no SSL vulnerability used. At least the document says, the
man-in-the-middle-attack is only possible with Firefox and Internet
Explorer. The skype-capturing was available for Windows 2000 and Windows
XP. So our guess is, that they just hacked the ssl libraries for Firefox
and IE.
This way, the grab the data before/after encoding and your browser does
not even realize, that something is going wrong.


Christian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI0m4CxGyXP1L6p88RApJDAJ94kte9of+6TAx5Pfq48m7gGhrgygCdHAfE
nagxqkY6XPSbG1RHcmvQXEU=
=zFQy
-----END PGP SIGNATURE-----


More information about the pp.international.general mailing list