LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] [ot] secure sites

[ILUG] [ot] secure sites

Gavin McCullagh gavin at fiachra.ucd.ie
Thu Nov 1 14:14:47 GMT 2001 

On Thu, 01 Nov 2001, Fergal Daly wrote:

> On Thu, Nov 01, 2001 at 01:14:19PM +0000, Gavin McCullagh wrote:
> > Well if the subnet you sit on is not switched, the others on the subnet
> > could do it either.  That's important in some places (eg a college,
> > internet cafe, library).  Lot's of very dodgy people playing with stuff on
> > the UCD network.  Not to mention the number of undiscovered hacked
> > machines which outsiders have effective control over.
> 
> Aboslutely but then again I think not being switch would be far worse at the
> server end than the client end. The difference being that the percentage of
> sensitive info travelling to the server (from all over the world) is
> relatively high and when you write your traffic analyser, you know what urls
> and what fields your looking for.

Wel in fairness if we're talking about an SSL server that's taking credit
card orders, I'd assume it'd be switched as much for bandwidth to it's
database server as anything else.

If you're talking about someone who can get onto the subnet of the web
server and have permissions to go into promiscous mode then I'd say he's
either:

* A dodgy dishonest sysadmin or
* they have a net/sysadmin who is crap and hasn't stopped anyone else from
doing this

In either case, I wouldn't be happy sending my credit card info to be
stored on their machines by ssl or otherwise.  Chances are the guy has
acces to the db too.

> Whereas on a college network, there's mountains of crap floating around

tell me about it!

Gavin

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell