2005. június 14. 07:57, Radu Spineanu <[EMAIL PROTECTED]> -> debian-security@lists.debian.org,: > Ian Eure wrote: > >> On Monday 13 June 2005 04:41 pm, LeVA wrote: > >> I don't see why it would be helpful, unless you're trying to keep > > your info > > >> secret from a determined/resourceful attacker. But an attacker like that > >> would probably get it anyways. > >> > >> I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business > >> email, and I think that's plenty secure for my needs. > > That would maka it very easy for a sniffer running ettercap for example > to do a MiTM attack. > > And of course the certificate is changed a little, but 80% of users > ignore this change and click yes on whatever is shown just to read their > emails, not knowing what this could lead to. > > Also an attacker could alter that data the server sends so that it > doesn't advertise cram-md5 as an authentication method but this is more > advanced. > > Doing a simple MiTM in ettercap is script kiddie friendly.
What's this MiTM attact means? Daniel -- LeVA
