Hacker News

This is kind of a big deal. Not a whole lot of people are aware of this vulnerability and among those who are it's likely only a small subset that knew how to exploit it until now. I suspect all of the coffee shops in the college town where I live will have people using this starting tomorrow.

I've personally been working from cafes and tunneling everything through SSH for years, but in my experience almost no one else does this.

Exactly. That's why the net effect of this is going to be exactly what the author wants. All major potential targets will update this really fast.

I can't think of a more effective way for him to convince them all to update now.

I've personally been working from cafes and tunneling everything through SSH for years

To where? I suspect it's to a server, VPS, or similar, and the connection is unencrypted from there to its endpoint. This being the case, could someone with a server on the same subnet be running a browser remotely (or even just tcpdump) and doing a similar thing with your logins?

(This is just some thinking out loud and I may be totally wrong - correct me ;-))

Virtually no modern wired networks use hubs anymore; they're for the most part switched. Unlike wireless networks, where packets are broadcast freely into the air, the switch checks the destination address and sends the packets only to the endpoint. There are some attacks like ARP spoofing and flooding which can defeat this, but they don't work well against modern enterprise-grade switches like you would find in a data center.

Have a bazillion karma points. I didn't realize that switching resolved that whole problem. This is why I continue to bring up stupid hypothetical situations on HN from time to time ;-)

Switching doesn't resolve the problem completely. There is a range of complicated attacks that could be done, but they can be detected in various ways in a well-run NOC.
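
One way a NOC could flag the ARP spoofing mentioned above from a feed of ARP replies, as an added example that is not code from this thread; the reply records, the baseline gateway pairing and the per-MAC threshold are constructed assumptions:

```python
"""Flag ARP-cache poisoning from a log of ARP "is-at" replies (defender-side detection).

Added example, not from the thread. ARP_REPLIES is constructed sample data; KNOWN_GATEWAY
is the kind of baseline IP/MAC pairing a NOC would keep on file for the segment."""
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen on one segment.
ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # gateway, legitimate
    (1, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    (2, "192.168.1.21", "bb:bb:bb:bb:bb:21"),
    (30, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # gateway IP now claimed by a different MAC
    (31, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # the same MAC claims a host address too
    (32, "192.168.1.21", "cc:cc:cc:cc:cc:99"),
]

KNOWN_GATEWAY = ("192.168.1.1", "aa:aa:aa:aa:aa:01")  # assumed baseline for this segment
MAX_IPS_PER_MAC = 2  # a NIC legitimately answering for more addresses than this is suspicious


def detect_arp_spoofing(replies, known_gateway=KNOWN_GATEWAY, max_ips_per_mac=MAX_IPS_PER_MAC):
    """Return a list of (seconds, kind, detail) alerts, in the order the evidence appeared."""
    alerts = []
    ip_to_mac = {}                 # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has answered for
    gw_ip, gw_mac = known_gateway
    for t, ip, mac in replies:
        mac = mac.lower()
        # 1. Gateway impersonation: the usual target, since it captures all off-segment traffic.
        if ip == gw_ip and mac != gw_mac:
            alerts.append((t, "gateway-impersonation", f"{ip} claimed by {mac}, expected {gw_mac}"))
        # 2. IP-to-MAC flip: an address that was previously bound to a different NIC.
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((t, "mac-changed", f"{ip}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        # 3. One MAC answering for many IPs: typical of a host poisoning a whole segment.
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) == max_ips_per_mac + 1:  # fire once, when the threshold is crossed
            alerts.append((t, "many-ips-one-mac", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

On the constructed feed the first three replies are clean; the gateway alert fires at second 30, followed by three address flips and the many-IPs-one-MAC alert once the third address is claimed.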

But we're talking a lot more complicated and deliberate than running tcpdump or this Firefox plugin, right?

I guess if you really wanted to you could run a GUI tool like Cain (http://oxid.it/), but most people doing this type of thing would use something like Scapy or at worst, Yersinia.

So I'd agree, more complex definitely, significantly not as much perhaps (it depends on the type of attack and tool); as for deliberation I'd say about the same as the Firefox plugin.

If you do run tcpdump you do pick up broadcasts and such; one of our VPS instances actually sees a load of DNS traffic for our subnet, which we think is the other VPS instances.

It depends on how secure the remote network is. If it's just another coffee shop, you're screwed. If it's your own Linode in one of those well managed datacenters, it would be pretty difficult for anyone to snoop that traffic.

If you control the remote network, it's a lot safer than having all your traffic unencrypted on the Starbucks Wifi.
