Do you know who you are asking/arguing with here? I might ask you to come to my hackfest and login to my AP, and I will show you ... Here's your research list: arpspoof [arp rarp nature of tcp/ip and the linux kernel] sslstrip [sslstrip decode packets including auth/password and url - run tool to get a list of everything victim sends out or accesses] https://sickbits.net/mitm-stealing-your-creds/ http://www.packtpub.com/article/backtrack5-advanced-wlan-attacks (Don't buy their Backtrack5 guide - BTW - come to our Hackfests) PLUG Hackfests at DeVry University 2nd Saturday 10:00 - 2:00 PM - Lab/Presentation Hackfest with targets and trainers On Fri, Apr 19, 2013 at 8:46 AM, Ted Gould wrote: > ** > On Fri, 2013-04-19 at 06:18 -0700, Lisa Kachold wrote: > > If you take that Ubuntu install to DefCon and connect to the network > there, every place you connect with/to authenticate to/with will be > endangered. All of the sites you visit irregardless of protocol > (encryption) will provide login/password and URL to others listening and > MITM'ing. > > > So you're assuming SSL is decrypted or the certificate authority is > compromised? URL for sure, but I'm unsure how you could be saying > login/password would be automatically available. > > Ted > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** it-clowns.com Chief Clown