[LinuxUsers] Dan Tentler's script kiddie antics last night
Roger E. Rustad, Jr.
roger.rustad at gmail.com
Mon Dec 29 18:30:55 UTC 2008
Chris Penn wrote:
> SSL is safe, as long as you don't accidentally accept a bad cert. I
> was accepting a cert for pidgin when I accidentally just hit enter for
> a cert that pop up as I was booting up on the local lan at its a
> grind. While pidgin was loading I had Firefox loading as well which
> was logging in to gmail. When that happens, ssl is working fine, but
> no longer matters.
Also, when this happens, you're not sending your traffic to, say, the
wireless router in the coffee shop, you're sending it to someone else's
laptop (thanks to ARP spoofing). As soon as that happens, the ssl cert
(or whatever) breaks and you're prompted to confirm the change...which
Chris inadvertently did.
More information about the LinuxUsers
mailing list