The internet hijacked

Gothi[c]:
There is no MITHM attack with SSL. That's what SSL stops.

--- End quote ---

Erm, yes there is :)
There are plenty of different SSL MITM attacks possible.
While it protects the casual kid from reading plaintext stuff, the attacker can inject false SSL certificates into the TCP stream, and most users will accept them without thinking twice.

No ISP needs to be compromised. It only takes one trojaned machine on your network, or a wireless router with a cracked WEP/WPA/WPA2/... key.

Renegade:
There is no MITHM attack with SSL. That's what SSL stops.

--- End quote ---

Erm, yes there is :)
There are plenty of different SSL MITM attacks possible.
While it protects the casual kid from reading plaintext stuff, the attacker can inject false SSL certificates into the TCP stream, and most users will accept them without thinking twice.

No ISP needs to be compromised. It only takes one trojaned machine on your network, or a wireless router with a cracked WEP/WPA/WPA2/... key.
-Gothi[c] (June 02, 2008, 07:10 PM)
--- End quote ---

Ok. I know the attack that you're describing.

I was thinking of attacks on an SSL session, and not the proxied SSL cert vulnerability that you get with some corporate networks and ISPs.
