RVD> Haven't seen the screenshot, but at least in my head I'm envisioning
RVD> snagging private keys than capturing corresponding traffic and being
RVD> able to decrypt it.
Me neither, but that was the impression I had. That would require a lot
more effort than just snagging the keys, of course -- anyone who can
connect to your server can steal your keys, but not just anyone can
capture traffic to your server. (But a lot of people can, so this is still
a big deal. Just not quite an "anyone, anywhere in the world, can connect
to your server and get your users' passwords" level of big deal.)
-Josh (iril...@infersys.com)
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
