RE: SVN "Relay"
From: Vallon, Justin <Justin.Vallon_at_deshaw.com>
Date: Mon, 2 Aug 2010 12:31:04 -0400
As far as I can tell, from the "vulnerability":
<<<
webmitm -dd
The user needs to accept the man-in-the-middle certificate.
--
-Justin

-----Original Message-----
From: Istace Emmanuel [mailto:istace.emmanuel_at_hotmail.com]
Sent: Monday, August 02, 2010 12:01 PM
To: 'Les Mikesell'
Cc: users_at_subversion.apache.org
Subject: RE: SVN "Relay"

"Can you point me to something specific?"
No problem, here is a video (the "fun" side): http://www.youtube.com/watch?v=Aak6-B3JORE
An article: http://forums.remote-exploit.org/tutorials-guides/19852-ssl-spoof-using-wireshark-decode-ssl-packets.html

"If you are concerned about your service provider maybe you should use someone else - or a service that lets you run your own system images where you could set up a blowfish-based vpn."
I haven't chosen that :( But as I say, it's a temporary solution.

-----Original Message-----
From: Les Mikesell [mailto:lesmikesell_at_gmail.com]
Sent: Monday, August 2, 2010 17:07
To: users_at_subversion.apache.org
Subject: Re: SVN "Relay"

On 8/2/2010 8:56 AM, Istace Emmanuel wrote:
> "Should I be worried about banking transactions or credit card orders?"
> Yeah :(
>
> "You could use any kind of VPN you want with the remote site. Use an
> IPSEC tunnel between hosts if you don't trust SSL. Or OpenVPN with blowfish."
> No, because the SVN is on a SaaS cloud, so we just have access to the
> service and not the system. So we can't install a VPN server and
> remember, vpn and ipsec use SSL. Search on Google about SSL Spoofing
> ;)

Can you point me to something specific? I see things about spoofing some other site's certificate and some things about specific implementations being subject to man-in-the-middle attacks but nothing that looks like a generic weakness.

If you are concerned about your service provider (who would have the best opportunity to arrange a man-in-the-middle connection), maybe you should use someone else - or a service that lets you run your own system images where you could set up a blowfish-based vpn.

--
Les Mikesell
lesmikesell_at_gmail.com

Received on 2010-08-02 18:34:05 CEST
This is an archived mail posted to the Subversion Users mailing list.