ANNOUNCE: Nagios Looking Glass 1.0.0#PRE is here!

[Andreas Ericsson]

Andy Shellam (Mailing Lists) wrote:
> Hi Robert,
> 
> Thanks for your description below but I'm still struggling to come to 
> terms with how NLG can be used to attack another site.
> Firstly, my understanding of an XSS attack is of the following:
> 
> - Client requests a page (eg. www.yahoo.com)
> - Hacker strips the response packets off the wire and replaces them with 
> packets that have come from (eg. www.google.co.uk)
> - Client receives www.google.co.uk as a result of hacker's actions
> 

That's a MITM (Man/Monkey In The Middle) attack. XSS is when your 
browser is fooled to request data from a server but thinks it's 
requesting it from a place it trusts. No browser can protect itself 
against MITM (barring encryption ofc, which doesn't work if the monkey 
holds the key). Securing layer 2 and 3 of network communication is the 
job of the kernel.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null