What are the attack vectors for passwords sent over http?

Posted by KevinM on Server Fault See other posts from Server Fault or by KevinM
Published on 2010-05-31T23:55:33Z Indexed on 2010/06/01 2:23 UTC
Read the original article Hit count: 423

Filed under:

I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent.

My understanding is that at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right?

Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there's not a lot of juicy attack vectors there, but please correct me if I am wrong.

Are there other vectors to be worried about outside of someone listening with a packet analyzer?

I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

What are the attack vectors for passwords sent over http?

Posted by KevinM on Stack Overflow See other posts from Stack Overflow or by KevinM
Published on 2010-05-31T23:55:33Z Indexed on 2010/06/01 0:03 UTC
Read the original article Hit count: 423

Filed under:

security

|

ssl

|

https

|

hacking

|

packet-sniffers

I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent.

My understanding is that at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right?

Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there's not a lot of juicy attack vectors there, but please correct me if I am wrong.

Are there other vectors to be worried about outside of someone listening with a packet analyzer?

I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

Developer IT