[Noisebridge-discuss] Security on the network at 83c.
Andy Isaacson
adi at hexapodia.org
Thu Jul 30 16:53:41 UTC 2009
On Thu, Jul 30, 2009 at 02:29:58AM -0500, Rubin Abdi wrote:
> In short, there is a possibility that a 3rd party could have full root
> access to many of the hosted machines at 83c, *but* there is no evidence
> that such a thing has happened yet. This 3rd party could potentially
> monitor any traffic going through the space, and/or gain access to any
> user credentials left on a machine there, namely Pony. Also they could
Further --
Please don't use HTTPS as your sole line of defense, at 83c or anywhere
else, unless your network is wired and there are no vulnerable machines
on it.
In combination with any of several recent attacks, if pony is
compromised the attackers could sniff HTTPS traffic. We don't think
this is happening at 83c, but it could be -- just as these attacks could
be used to sniff HTTPS traffic at any coffee shop or other untrusted
network.
http://hackaday.com/2009/07/29/black-hat-2009-breaking-ssl-with-null-characters/
http://www.thoughtcrime.org/software/sslsniff/
-andy
More information about the Noisebridge-discuss
mailing list