Thursday, May 31, 2007

Etherbat: A useful application of ARP spoofing

Today, Paweł Pokrywka announced the release of Etherbat, a Linux application for mapping local networks. The cool part is that it does its magic through ARP spoofing.

I have a soft spot for limited information network mapping and device identification, and this does both, which makes it cool++ in my book. I've long wondered what other practical effects you could achieve with ARP spoofing (aside from the obvious route poisoning).

I've started to monkey around with Python / Impacket / Scapy to brush up on my network-fu, and once, long ago, I wrote a chat application in Perl called ARPArp (ARP Anonymous Relay Protocol) that used fake ARP requests as the transport. It's cool for interoffice chatting without any possibility of remote detection (since you're necessarily limited to the local network). Maybe this will inspire me to pick it up again. Thanks, Paweł!
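The flip side of using ARP for mapping or as a covert transport is that the same traffic is easy to watch for. As an added example (my code, not Etherbat's, ARPArp's or anything from the post), here is a small passive ARP monitor in plain Python: it decodes IPv4-over-Ethernet ARP frames with `struct`, learns IP-to-MAC bindings the way arpwatch-style tools do, and raises an alert when a known IP suddenly answers from a different MAC or when the ARP sender hardware address disagrees with the Ethernet source address. All MACs, IPs and frames are constructed in memory; nothing is read from or sent to a real interface.

```python
import struct
from typing import Dict, List, Optional

# Ethernet II header: dst MAC, src MAC, EtherType.  ARP body for IPv4 over Ethernet:
# hw type, proto type, hw len, proto len, opcode, sender MAC/IP, target MAC/IP.
ETH_HDR = struct.Struct("!6s6sH")
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode one Ethernet frame; return its ARP fields, or None if it is not IPv4/Ethernet ARP."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(eth_src), "op": op, "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpWatch:
    """Passive monitor: learns IP->MAC bindings from ARP traffic and flags suspicious frames."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}

    def observe(self, frame: bytes) -> List[str]:
        alerts: List[str] = []
        arp = parse_arp(frame)
        if arp is None:
            return alerts
        # A normal stack fills the ARP sender MAC and the Ethernet source from the same
        # interface; a disagreement is a heuristic hint of a crafted frame (proxy-ARP
        # setups can trip it, so treat it as a signal, not proof).
        if arp["sha"] != arp["eth_src"]:
            alerts.append(f"hw mismatch: ARP sha {arp['sha']} vs Ethernet src {arp['eth_src']}")
        if arp["spa"] == "0.0.0.0":  # ARP probe (RFC 5227): carries no binding to learn
            return alerts
        known = self.bindings.get(arp["spa"])
        if known is None:
            self.bindings[arp["spa"]] = arp["sha"]
        elif known != arp["sha"]:
            alerts.append(f"binding change: {arp['spa']} was {known}, now {arp['sha']}")
            self.bindings[arp["spa"]] = arp["sha"]  # record the flip, as arpwatch does
        return alerts


def build_arp(op: int, eth_src: bytes, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Assemble an in-memory ARP frame for the demo (constructed sample data; never sent)."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else tha
    return (ETH_HDR.pack(eth_dst, eth_src, ETHERTYPE_ARP)
            + ARP_PKT.pack(1, 0x0800, 6, 4, op, sha, ip_bytes(spa), tha, ip_bytes(tpa)))


# Constructed sample addresses (hypothetical lab network 10.0.0.0/24).
GATEWAY_MAC = bytes.fromhex("001122334455")
HOST_MAC = bytes.fromhex("aabbccddeeff")
ODD_MAC = bytes.fromhex("666666666666")
ZERO_MAC = b"\x00" * 6


def run_demo() -> List[str]:
    """Feed a constructed four-frame capture through the monitor and return its alerts."""
    watch = ArpWatch()
    capture = [
        build_arp(ARP_REQUEST, HOST_MAC, HOST_MAC, "10.0.0.2", ZERO_MAC, "10.0.0.1"),
        build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_MAC, "10.0.0.1", HOST_MAC, "10.0.0.2"),
        # Same IP as the gateway but a different MAC: the learned binding flips.
        build_arp(ARP_REPLY, ODD_MAC, ODD_MAC, "10.0.0.1", HOST_MAC, "10.0.0.2"),
        # ARP sender MAC disagrees with the Ethernet source address.
        build_arp(ARP_REQUEST, ODD_MAC, HOST_MAC, "10.0.0.2", ZERO_MAC, "10.0.0.3"),
    ]
    alerts: List[str] = []
    for frame in capture:
        alerts.extend(watch.observe(frame))
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

On a real segment you would feed `observe()` frames from a raw socket or a pcap reader instead of `run_demo()`'s list; the binding table is the same kind of state that lets you spot the address churn a mapping tool or a fake-ARP transport produces, and the "hw mismatch" check is deliberately a separate, weaker signal.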

Monday, May 21, 2007

Partial Encryption on Gmail?

This started popping up today (click to embiggen):



So, what is a normal user supposed to do with the warning that "parts of the page" were not encrypted? Seems that if you, the user, were counting on your Gmail contents being secret (maybe you're reading Gmail in the same room as Robert Graham), and you get this big red warning on your location bar, it's either a) too late to do anything about it, or b) not enough information to act on moving forward.

Poking around a little bit on the certificate details, I can't tell which parts of my Gmail session are now suddenly non-encrypted. If it's just the images of the buttons or some other UI element, then, well, I really don't care. But, if it's the contents of my love letters from my secret paramour, then I might care a lot.

SSL is supposed to provide two things -- certainty that you're talking to the computer you think you're talking to, and certainty that third parties can't read the communication.

This warning throws both certainties out the window.

(It's even more troubling because I, unlike typical users, actually go out of my way to SSL-ify my Gmail sessions with a GreaseMonkey trick to redirect everything from http://mail.google.com to https://mail.google.com -- so even if I accidentally start reading in the clear, I'll get kicked back to SSL toot-sweet.)

At any rate -- if there's a good means to determine what happened here post-facto, I'd appreciate knowing about it -- not just on Gmail, but anywhere. I have no idea why this started happening today at Gmail; I assume there's some fancy new Web 2.0 thingy on Gmail that's not behaving correctly.
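One way to get part of that answer for any page whose markup you can save is to scan the HTML for subresources that resolve to cleartext URLs. This is an added example (my code, not from the post and not anything Google ships): a small Python `html.parser` walker that resolves every `src`/`href`/`data` reference against the page's HTTPS URL and reports the ones that end up on `http:`, split into "active" content (scripts, frames, stylesheets, plugins, which can rewrite the whole page and so break both of SSL's promises) and "passive" content (images and media, which can only be observed or swapped). The page URL and HTML below are constructed samples.

```python
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that cause the browser to fetch a subresource at load time.
URL_ATTRS: Dict[str, Tuple[str, ...]] = {
    "img": ("src",), "input": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src",), "script": ("src",), "iframe": ("src",), "frame": ("src",),
    "embed": ("src",), "object": ("data",), "link": ("href",),
}
# Subresources that can execute code or restyle the document; everything else is passive.
ACTIVE_TAGS = {"script", "iframe", "frame", "embed", "object"}

Finding = Tuple[str, str, str, str]  # (severity, tag, attribute, absolute URL)


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.findings: List[Finding] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        attr_map = {name: value for name, value in attrs if value is not None}
        for attr in URL_ATTRS.get(tag, ()):
            url = attr_map.get(attr)
            if not url:
                continue
            # urljoin resolves relative and scheme-relative ("//host/x.js") references
            # against the HTTPS page, so only explicit http: references survive the check.
            absolute = urljoin(self.page_url, url.strip())
            if urlsplit(absolute).scheme != "http":
                continue
            severity = "active" if self._is_active(tag, attr_map) else "passive"
            self.findings.append((severity, tag, attr, absolute))

    @staticmethod
    def _is_active(tag: str, attr_map: Dict[str, str]) -> bool:
        if tag == "link":  # a stylesheet can restyle/hide content; an icon cannot
            return "stylesheet" in attr_map.get("rel", "").lower()
        return tag in ACTIVE_TAGS


def find_mixed_content(page_url: str, html: str) -> List[Finding]:
    """Return every load-time subresource in `html` that resolves to a cleartext http: URL."""
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a hypothetical webmail page served over HTTPS.
SAMPLE_PAGE_URL = "https://mail.example.net/mail/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://mail.example.net/css/main.css">
<link rel="icon" href="http://mail.example.net/favicon.ico">
<script src="//static.example.net/app.js"></script>
<script src="http://static.example.net/tracker.js"></script>
</head><body>
<img src="/images/logo.gif">
<img src="http://img.example.net/button.gif">
<iframe src="https://chat.example.net/frame"></iframe>
<a href="http://www.example.net/help">help</a>
</body></html>
"""


def report(page_url: str = SAMPLE_PAGE_URL, html: str = SAMPLE_HTML) -> List[str]:
    """Human-readable lines, worst (active) findings first."""
    findings = find_mixed_content(page_url, html)
    ordered = sorted(findings, key=lambda f: f[0] != "active")
    return [f"{sev:7s} <{tag} {attr}> {url}" for sev, tag, attr, url in ordered]


if __name__ == "__main__":
    for line in report():
        print(line)
```

The caveat matters for exactly the case the post describes: this only sees what is in the static markup. Anything a script fetches later (XMLHttpRequest calls, images or scripts inserted into the DOM after load) never appears in the saved source, so for a heavily scripted application the reliable record is the browser's own network log or a capturing proxy placed in front of it, not the HTML. An `<a href="http://...">` link is deliberately not reported; following it is a new navigation, not part of the encrypted page.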
