Re: [perpass] A reminder, the Network is the Enemy...
Bjoern Hoehrmann <derhoermi@gmx.net> Wed, 20 November 2013 22:44 UTC
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66D611AE078 for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 14:44:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_Zm3SQ_aPYZ for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 14:44:01 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id E99A71AE4C6 for <perpass@ietf.org>; Wed, 20 Nov 2013 14:44:00 -0800 (PST)
Received: from netb.Speedport_W_700V ([91.35.13.37]) by mail.gmx.com (mrgmx103) with ESMTPA (Nemesis) id 0MCL6r-1VrkoC1mE5-009B3q for <perpass@ietf.org>; Wed, 20 Nov 2013 23:43:53 +0100
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Ted Lemon <mellon@fugue.com>
Date: Wed, 20 Nov 2013 23:43:36 +0100
Message-ID: <dbeq89lhsqj0krnes41rnrodc6sjmcecr8@hive.bjoern.hoehrmann.de>
References: <9B79CCC3-853E-42F4-8390-ED0EE019C275@icsi.berkeley.edu> <B4A3135B-1391-4794-BE23-D823962C294C@fugue.com>
In-Reply-To: <B4A3135B-1391-4794-BE23-D823962C294C@fugue.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:jNtuAeVjDCzxdj1KcDt26rgP4LuLuQmfFwAyFyPXEFtoLOjb3hv rfLE3fbab0riAi/In+bSD734mvsVkYUoPFNycPDlC8OScRnSCqnkkwW19ekDPIgGx9JmIZX FtQWFb2xz3f0ANudHMQqRsHnxiT6Mvkn+l0NUC/s9d4x6v6v583+KUg4jnTGHHrKM4dTj8i +j2ft7IGQOg89hHUGjzCQ==
Cc: perpass <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] A reminder, the Network is the Enemy...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 22:44:03 -0000
* Ted Lemon wrote: >The thing that hit me from this article that I really just hadn't fully >understood previously is that any web site that displays personalized >information per user that can be easily parsed now serves as a way to do >a targeted attack on an individual or on individuals who work for an >organization. > >So if you read slashdot or tumblr, for example, both of which display >personally identifying information on their home pages if you are logged >in, then an MiTM attacker can listen on the link the server is connected >to and trigger on HTTP responses to you, and then attack you >specifically, without revealing the attack to anyone else. >This can be mitigated in several ways—obviously https-everywhere will >address the problem, but also if the web site simply doesn't display >personally identifying information in their outgoing traffic, then the >passive attack isn't possible. Online advertisers are happy to help you identify your targets and put code on their computers, <http://en.wikipedia.org/wiki/Malvertising>. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
- [perpass] A reminder, the Network is the Enemy... Nicholas Weaver
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Bjoern Hoehrmann
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Bjoern Hoehrmann
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer
- Re: [perpass] A reminder, the Network is the Enem… Nicholas Weaver
- Re: [perpass] A reminder, the Network is the Enem… David Conrad
- Re: [perpass] A reminder, the Network is the Enem… Matthäus Wander
- Re: [perpass] A reminder, the Network is the Enem… Randy Bush
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… David Conrad
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… Russ Mundy
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer