An attack on paypal
Steven M. Bellovin
smb at research.att.com
Sun Jun 8 21:39:12 EDT 2003
In message <4.2.2.20030608173129.00a99bb0 at mail.earthlink.net>, Anne & Lynn Whee
ler writes:
>
>at a recent cybersecurity conference, somebody made the statement that (of
>the current outsider, internet exploits, approximately 1/3rd are buffer
>overflows, 1/3rd are network traffic containing virus that infects a
>machine because of automatic scripting, and 1/3 are social engineering
>(convince somebody to divulge information). As far as I know, evesdropping
>on network traffic doesn't even show as a blip on the radar screen.
One could argue that that's because of https...
More seriously, eavesdropping on passwords was a *very* big problem
starting in late 1993. Part of the problem was that ISPs then didn't
know better than to put NOC workstations on their backbone LANs; when
those were compromised, the attackers had wonderfully-placed
eavesdropping stations.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list