Isn't it that AirSnort is used to determine the WEP encryption password? What about if WEP is not used? I want to know if it's easy for someone to capture tranmissions from the air, use it to get a login/pass combo for things like web-mail.
If the link is not encrypted, then yes, it is easy to grab a login/pass combo. If the link is encrypted with WEP, first use AirSnort to get the WEP key, then it's easy to grab a login/pass combo. If you want true security at today's technology, use an SSH tunnel or other VPN over your WiFi network.
That at least makes me feel safer.. But as for the 1st question, it's still a question.
To make you feel even safer, I routinely conduct transactions of several thousand dollars using credit cards or other authentication using SSL. Not only have I never had a problem, but I have never even heard of someone having a problem with a sensitive communication being intercepted. When data is stolen, it is stolen from databases or poorly written applications, but SSL itself (leaving out social engineering, fake certificates and spoofing, etc.) is not usually the problem.
Thanks for trimming; much easier this time to write back and much easier to read.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list