[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Wed, 20 Nov 2013, Simon Waters wrote:
Another good reason to use HTTPS.Https will stop the average 12 year old doing this.
Not so sure. I know a lot of HTTPS is broken, but not to the point where an adversary controlling the cables can inject packets in real time.
That's the whole thing: simply because traffic between Belgacom and LinkedIn and Slashdot goes via Cornwall, GCHQ can just sit there and inject packets when it wants to. At least that's what I understand to have happened.
You can of course do things with forged certificates and routing traffic through your servers, but that is a lot more difficult to do and easier to detect.
Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq