[ILUG] [ot] secure sites
fergal at esatclear.ie
Thu Nov 1 14:29:07 GMT 2001
On Thu, Nov 01, 2001 at 02:24:26PM +0000, Gavin McCullagh wrote:
> If you're talking about someone who can get onto the subnet of the web
> server and have permissions to go into promiscous mode then I'd say he's
> * A dodgy dishonest sysadmin or
> * they have a net/sysadmin who is crap and hasn't stopped anyone else from
> doing this
> In either case, I wouldn't be happy sending my credit card info to be
> stored on their machines by ssl or otherwise. Chances are the guy has
> acces to the db too.
That's pretty much it. There are far easier ways of nabbing credit card
numbers than getting yourself into a position where you can sniff and filter
lots of traffic.
More information about the ILUG