On Sun, Jun 16, 2019 at 9:52 AM Jasper Bongertz <jas...@packet-foo.com> wrote:
> > Hi > > There is a patch currently waiting for inclusion. It would allow for > dissectors to easily make credentials (username/password) available and > present them in a tool window in Wireshark. > > The main concern here is, that this could lead companies, evaluating > Wireshark to be used within the company, to deny the use of the program, > due to wrongly identifying Wireshark as a hacking tool. > > We would like your feedback on that topic > > kind regards > Roland > Hi, > > I have seen at least three occasions where the fact that credentials were > that easily accessed with a network analysis tool has resulted in a ban of > that exact tool by upper management. In one case this affected a freshly > bought license of Clearsight, which immediately after receiving the product > ended up in a safe under lock and key, never again to see the light of day. > > It may sound weird but this is one case of the typcail "what they don't > know doesn't bother them". If this function is added some people will > suddenly realize the potential that they are currently unaware of, so it's > quite possible that Wireshark will be banned when it is currently fine to > use it (in enterprise network that usually means admins only, anyway). > While it's a myth that Ostriches bury their heads in the sand, it's clearly not a myth about management. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
