An attack on paypal
Steven M. Bellovin
smb at research.att.com
Sun Jun 8 18:39:12 PDT 2003
In message <4.2.2.20030608173129.00a99bb0 at mail.earthlink.net>, Anne & Lynn Whee
ler writes:
>
>at a recent cybersecurity conference, somebody made the statement that (of
>the current outsider, internet exploits, approximately 1/3rd are buffer
>overflows, 1/3rd are network traffic containing virus that infects a
>machine because of automatic scripting, and 1/3 are social engineering
>(convince somebody to divulge information). As far as I know, evesdropping
>on network traffic doesn't even show as a blip on the radar screen.
One could argue that that's because of https...
More seriously, eavesdropping on passwords was a *very* big problem
starting in late 1993. Part of the problem was that ISPs then didn't
know better than to put NOC workstations on their backbone LANs; when
those were compromised, the attackers had wonderfully-placed
eavesdropping stations.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
More information about the Testlist
mailing list