Re: I'd like to get rid of pulseaudio but ... (Gene Heskett)


On Mon, Jun 01, 2009 at 14:01:54 -0500,
  Chris Adams <cmadams@xxxxxxxxxx> wrote:
> 
> ISTR if you can snoop you can hijack the TCP session setup by responding
> first (aren't out-of-window packets ignored?).  You don't have to cause
> the "real" responses to be dropped, you just have to respond faster.

That's still an active attack. You have to be able to see the incoming packets
and try to send replies back fast. You need to be doing this from some
place that doesn't do proper egress filtering or very close to the destination.
This is still hard to do broadly, unlike being able to peruse through all of
the traffic that goes through major exchange points on the internet.

> > And be sure to note that certificate signed by RSA, Thawte or whoever doesn't
> > equate to secure either. Unless you have verified the end certificate
> > yourself you don't know that the organization on the other end is who you
> > really mean to be talking to.
> 
> You are trusting that the CAs have done the verification, which they do
> (to differing degrees).

They don't have a way to verify that the site I am going to is the one I
mean to. It isn't that hard to trick someone into going to a valid https
site that isn't really the one they mean to. And Firefox doesn't try to
help with this case at all.

The whole hierarchical design is a bad fit for what it is trying to do.
Web of trust would be a lot better. But even with the current system the
Firefox UI could do more to help people notice changes.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines