|
Posted by Moe Trin on November 11, 2005, 1:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
In the Usenet newsgroup comp.security.misc, in article
>I was thinking about the scenarios under which encrypted network
>traffic is most useful.
It depends on your threat model - what are you trying to protect against?
>I understand that in a university network it is very important. But if I
>am connecting to a web site from home or telnetting to a server from home
>how much does it buy.
What are you protecting yourself from? Are you worried about spies from
country $FOO finding the secret war plans? A competitor gaining the recipe
for those chocolate chip cookies? The instructor (or Mommy) finding out
that you're surfing to that pr0n site with the pictures of the Chihuahua
wearing an eye patch and the Great Dane wearing fishnet stockings? Or is
it the cops (or worse, a three letter entity) interested in your illegal
activities? Then again, maybe nobody even cares. Your call.
>In this situation, the network packets will go to the nearest gateway
>(where the ISP will log it, parses it and collects data) and then
>routes it until it reaches the company's gateway and the server.
A lot depends on the network topography. Is the local network coax or
token ring, or twisted pair using a hub (everyone locally may have a
chance to sniff the packets as they go whizzing by), or twisted pair
using a switch, or fiber (packets harder to sniff). Who has access to
the media and where? How interested are they in what you are doing?
How much effort (and money) are they likely to put into the task?
>So the only possiblity here some one in my ISP or the company sniffs
>the wire. The company (say yahoo) will anyway have the information if
>they want. Even in the ISP's case the packets go through the servers
>for processing and so the admin there has to look at them.
If the information is desired, anyone who has access to the media between
your computer and the computer at the other end of the connection CAN
look at it. You have to decide if you think that they may want to, and
take appropriate action.
>Dont get me wrong, I understand security and am paranoid. I was just
>reading an old vulnerability in SSH1 where the password length can be
>known by sniffing the wire and it got me thinking.
Before/during World War Two, all German military communications hardware
used to have a small sign in plain sight of the user that read 'Feind h<F6>rt
mit!' (also seen posted as "Feind hoert mit!") which means "The Enemy is
Listening". The German Luftwaffe [WW2] Signals Command took it even
further with "Aller Funkverkehr ist Landesverrat" which means "All radio
traffic is high treason". Information you don't spray to the four winds
is harder to intercept, and less likely to be exploited.
>And should I hold it against yahoo or some service for not using
>encryption properly?
If someone isn't protecting your information that you consider sensitive,
don't let them have the information in the first place.
>Just wanted to start a conversation and look at scenarios I am missing.
You're posting from google, using a Comcast address. Your comcast news
server has more than 20 newsgroups with the word 'privacy' in the name.
Old guy
| 
XML site map