| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Mar 17 15:13:19 2006 From: asimmons at messagelabs.com (Andrew Simmons) Subject: HTTP AUTH BASIC monowall. Simon Smith wrote: >> Ok, so what's your alternative? [...] >> Some form of challenge response? If you can already perform a man in >> the middle attack, than challenge response is just as vulnerable. >> Just connect to the server when the client hits you, and pass them the >> challenge you recieved. Use the credential yourself, and pass them a >> failure. When they try again, connect them to the server. > You're right again. Does everyone here think that the majority of > companies hire security aware people? We're not talking about general staff, we're talking about your firewall admin. If your firewall admin doesn't care about security you've got much bigger problems. Which appears to be the case... \a -- Andrew Simmons // MessageLabs Security Team Technical Security Consultant MessageLabs: Be certain ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
Powered by blists - more mailing lists