Well actually it's any application where interesting plaintext is sent at a known offset in the conversation over and over again.
I think that this means that HTTP Basic Auth over buggy SSL is vulnerable (in other words password protected web pages). Remember that the Auth header is sent in each and every page request, although its absolute offset in each HTTP req will vary with URI length in the GET/POST header. If this is known though...
There is a site which is collating offers of geek assistance, hardware, telco circuits at sourcedest.org.
Last time I looked there were 50+ assistance offers there, if you can offer facilities, services or hardware, just register and enter them
into the database.
Please could folks mod this up and try to get the word out.
Slashdot Mirror
Well actually it's any application where interesting plaintext is sent at a known offset in the conversation over and over again.
I think that this means that HTTP Basic Auth over buggy SSL is vulnerable (in other words password protected web pages). Remember that the Auth header is sent in each and every page request, although its absolute offset in each HTTP req will vary with URI length in the GET/POST header. If this is known though...
There is a site which is collating offers of geek assistance, hardware, telco circuits at sourcedest.org.
Last time I looked there were 50+ assistance offers there, if you can offer facilities, services or hardware, just register and enter them into the database.
Please could folks mod this up and try to get the word out.