Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« Pwn2Own | Main | Cloud Computing - Salesforce.com »
Wednesday
Mar242010

Public Networks equal prying eyes

DateWednesday, March 24, 2010 at 8:26PM

Today while in a Salesforce.com demo, I showcased that SSL (the "S" in https) can be stripped away using a classic man-in-the-middle attack.

Luckily, the Salesforce.com team were good sports about it. We discussed alternative access control via IP Address filtering and tokens. This occured over Don Julio 42.


Remember, if your on a public network at Starbucks or the airport, traffic can be sniffed. This means content and passwords.

I have some video recording I will do later this week to show you how.

Authorn00bz Network | CommentPost a Comment |
tagged , , , , in , ,

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.