[cryptography] this house believes that user's control over the root list is a placebo

The Fungi fungi at yuggoth.org
Sun Jun 26 14:13:20 EDT 2011


On Sun, Jun 26, 2011 at 12:26:40PM -0500, Marsh Ray wrote:
[...]
> Now maybe it's different for ISP core router admins, but the
> existence of this product strongly implies that at least some admins
> are connecting to their router with their web browser over HTTPS and
> typing in the same password that they use via SSH.
[...]

Valid point, but flawed example. Managing these things day in and
day out, I can tell you this is the first thing any experienced
admin disables when initially configuring the device. If your admin
is managing your routers with a Web interface, SSL MitM is the
*least* of your worries, honestly.
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi at yuggoth.org); FINGER(fungi at yuggoth.org);
MUD(kinrui at katarsis.mudpy.org:6669); IRC(fungi at irc.yuggoth.org#ccl);
ICQ(114362511); YAHOO(crawlingchaoslabs); AIM(dreadazathoth); }



More information about the cryptography mailing list