[13524] in cryptography@c2.net mail archive
Re: An attack on paypal
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Jun 8 21:48:05 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: "Dave Howe" <DaveHowe@gmx.co.uk>,
"James A. Donald" <jamesd@echeque.com>,
"Email List: Cypherpunks" <cypherpunks@lne.com>,
"Email List: Cryptography" <cryptography@metzdowd.com>
Date: Sun, 08 Jun 2003 21:39:12 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
In message <4.2.2.20030608173129.00a99bb0@mail.earthlink.net>, Anne & Lynn Whee
ler writes:
>
>at a recent cybersecurity conference, somebody made the statement that (of
>the current outsider, internet exploits, approximately 1/3rd are buffer
>overflows, 1/3rd are network traffic containing virus that infects a
>machine because of automatic scripting, and 1/3 are social engineering
>(convince somebody to divulge information). As far as I know, evesdropping
>on network traffic doesn't even show as a blip on the radar screen.
One could argue that that's because of https...
More seriously, eavesdropping on passwords was a *very* big problem
starting in late 1993. Part of the problem was that ISPs then didn't
know better than to put NOC workstations on their backbone LANs; when
those were compromised, the attackers had wonderfully-placed
eavesdropping stations.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
