[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] DANGER WILL ROBINSON!!! A tool for MIM/c*apfilt and poisoning listed on /.
- Subject: [cobalt-security] DANGER WILL ROBINSON!!! A tool for MIM/c*apfilt and poisoning listed on /.
- From: "Michael J. Cannon" <mcannon@xxxxxxxxxxxxxx>
- Date: Thu, 9 Aug 2001 17:44:46 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
For those of you following this continuing flamewar/soap opera/whatever:
yeah, yeah...I'm getting my replies and links together...
However: THIS just showed up on /. ...knowledge of tools like this has so
far escaped the vastness of the scriptoids, but now the cat is out of the
bag.
Link is:
http://ettercap.sourceforge.net/index.php?s=home
...and, yes, you read right...this sniffer will decrypt and stream SSL data
from an https:// session full duplex in real time. Don't let the 'OpenSSL'
requirement lull you into complacency...RSA/etc. commercial implementations
only add a few milliseconds to the stream lag.
...and this is NOT the best tool available to the black hats...there are FAR
worse...
Just thought I'd 'make your day.'
Also, the WEP and SSH1 are toast...so, SSH1 clients and servers and any
links or hosts inside your firewalls using 802.11 nodes and host access
points have exposed your entire network. Assume you are 'owned,' especially
if you're located in a large, tech-center type city.
WLAN crack:
http://www.eetimes.com/story/OEG20010808S0042
Whitepaper (.pdf file...manually scan it for virii!)
http://www.cs.rice.edu/~astubble/wep_attack.pdf
Cure: make sure you are properly implementing SSL on your boxen, including
for https:// Get SSH2 up on all boxes. Begin to port forward and filter.
Look into IDS.
Here are links to securing Linux: