[Air-L] The end is nigh
jhuns at vt.edu
Thu Oct 28 03:31:32 PDT 2010
while hardware level encryption would be nice... and it could in theory solve this problem... using it as a solution is sort of like... 'oh the water is polluted, let's route it through a sealed viaduct' solution. Sure, it works, but it doesn't address the cause, which is poor session management in browsers and other tools. This is a software problem at its base. you could have the same problem with a multi-link serial network, you could have the same problem on an ethernet network, or basically any broadcast level network with multidimensional routing. making the network itself stronger so people can't get on it, is one option, but as i said it doesn't address the direct problem which is that two computers which are trusting each other, are not using sufficient credentials to establish and maintain that trust. a session is basically a system of trust, one computer trusts the other computer to be what it says. also keep in mind that... you could always watch people's open traffic and insert date into open streams, so the question is whether or not this is new or whether the system is actually broken at all. some of you may remember i demonstrated logs and insertions back at ir 2.0 as part of my 'scare the living daylights out of you over internet security' talk. this tool just makes that talk easier it seems.
More information about the Air-L