Users who Dugg This
Scott Kennedy
1 Followers
Robin Pattinson
41 Followers
rex follett
48 Followers
fk seo solutions
1176 Followers
John Glover
149 Followers
janwindglowstar
39 Followers
activematxAug 22, 2006
"In its simple form a packet sniffer simply captures all of the packets of data that pass through a given network interface. Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination."I guess its easier than I thought.... I have always captured packets for the sake of analyzing my own network traffic. (Never intended on viewing others traffic). I guess I am going to play around with Etheral a bit, to see if I can sniff out the other traffic on my home-network.
da404lewzerAug 22, 2006
it happens anytime you submit information though a form. like this 'submit comment' form that we use on digg. the data is sent the same way. 90% of all sites are rendered on the server end, so alot of your 'data' you wont see (except on the page render) due to the use of cookies and sessions. the cookie data on your end is usually just a unique id to keep track of your 'session variables' on the servers end. cookie data can be seen in get/post requests, but since sessions are alot safer to use people are using them more...what about download? any data sent back from the server is also vulnerable for data harvesting... i mean think about it, if your email address is on the screen, or acct #, or whatever, anyone can get that too with a man in the middle attack...
bloodwineAug 22, 2006
At one time I thought about encrypting passwords using JavaScript on the clientside, but then I realized that was a stupid idea because it doesn't matter if the password is plaintext or encrypted as long as the transmitted data could be sent as a password value then it is just as easily compromised. The only benefit is that the cleartext password would not be known which protects your "real" password on any other sites you may visit and use the same password.I guess SSL is the only real way to go for password security.
wyzardAug 22, 2006
@wicketr: Snuffkin is talking about an active attack: someone intercepts the unencrypted page containing the username/password boxes, and changes the HTML so that the form submits to the attacker's site instead of to the SSL-secured login page. Having a secure place to send your credentials to doesn't do any good if someone can trick your browser into sending your credentials elsewhere instead.
wyzardAug 22, 2006
That's utterly useless. If the hashing is done in the browser, an attacker can just eavesdrop it and replay it later. The server must accept the hash value as something you can log in with, or the scheme wouldn't work, so an attacker who knows it can get in too. The "original" password no longer matters; effectively, the MD5 hash value is your password.
wyzardAug 22, 2006
Yes, but that box is checked by default, I believe, so you only see the warning once.
xophergAug 23, 2006
For Amazon, at least, you have to manually select to use an unencrypted connection. This article is pretty crappy.
kevynAug 23, 2006
lets all run and hide under our desks. the web isnt safe, nothing on here is safe, no website is safe, no ISP is safe, no cable internet connection is safe, wireless is not safe. but then again you wouldnt be here if you worried about all that
khilariAug 25, 2006
+digg... if u r connected; you are vulnerable
phocion55Aug 27, 2006
@DrDrabbles:You clearly didn't read the article or my post:"GOTO_URL=<a class="user" href="http://my.netzero.net/s/sp&FAIL_URL=&MemberID=MYUSERID&netzero.com=netzero.com">http://my.netzero.net/s/sp&FAIL_URL=&MemberID=MYUSERID&netzero.com=netzero.com</a>&Password=MYPASSWORD&x=0&y=0Content-type: text/plain"is NOT using SSL, which I was refering to.Most ignorant comment. Ever.
rkuchikiAug 27, 2006
@Anth & ThudMy bad. Thanks for clearing this up.
janwindglowstarJan 20, 2012
CLEAN UP NEW YORK TRASH CRIMINAL MARY PRANTIL WHO BELONGS IN JAIL NOT WASTING NEW YORK'S HARD EARNED TAX DOLLARS!!!!! WHY IS MAYOR BLOOMBERG ALLOWING STALKER CRIMINAL MARY PRANTIL TO RIDE THE NEW YORK COURT SYSTEMS FOR YEARS ON END WHILE SHE SPORTS NINE CRIMINAL CHARGES THAT THE COURTS KEEP CONTINUING ON AND ON AND ON????????? THE LIVES OF INNOCENT PEOPLE HAVE BEEN SUFFERING FOR YEARS BECAUSE OF CRIMINAL MARY PRANTIL WHO PLAYS THE COURT SYSTEMS AND COSTS NEW YORK TAX PAYERS THEIR HARD EARNED MONEY!!!!!!!
http://www.ripoffreport.com/computer-fraud/mary-prantil/mary-prantil-americasdreamer-b8c07.htm
Mary Prantil @AmericasDreamer aka @BestMaryPrantil Who States "she LOVES New York" yet SUES the City Of New York, the New York Police Department, Mary Prantil UN- AMERICAN SCHEMER, NYC, Mayor Mike Bloomberg CLEAN UP New York TRASH Stalker Mary Prantil NYC.gov Bloomberg.com mike bloomberg mary prantil @americasdreamer @bestmaryprantil twitter facebook google michael bloomberg georgina bloomberg mayor bloomberg Astoria, New York