
MITM attacks, the day after ...

I suppose C2 got as many "do you know how hard it is" complaints as
I have, or more. But despite that, several people broke keys.

There seem at this point to be two messenger or man in the middle attacks
on SSL that have enough merit to explore further.

#1  Attack client binaries to suppress certificate validation, and accept
ones forged by the filter/MITM. The binary attack could occur during
download from NetScape (a good ISP level attack) or after the fact with a virus.
The client binary would be normally functioning with servers other than the
attacking MITM filter.

#2  Present the client with the filter's valid certificate and hope that in the
rare case the user looks, they will not question it, or even know what
a valid one from the real server is.

Since detection is possible in both of these, attack only a few percent of the
traffic until the heat is on, then lie dormant or move to a different site.

Suggested to me this morning was taking a harder look at proxy servers.

John
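As an added illustration (not part of John's post), the detection side of both attacks is a client-side certificate pin that does not depend on the browser's chain validation: remember the fingerprint each server presented and alert when it changes, and especially when it flips back to one seen before, which is what interposing on only a few percent of sessions looks like. The host name and DER byte strings in the demo are constructed stand-ins; `fetch_peer_cert` is the optional live path using Python's standard `ssl` module.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

class CertWatch:
    """Trust-on-first-use record of the leaf certificate each host presents."""

    def __init__(self):
        self.history = defaultdict(list)  # host -> fingerprints, in order seen
        self.alerts = []                   # (host, verdict, short fingerprint)

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        return hashlib.sha256(der_cert).hexdigest()  # pin over raw DER bytes

    def observe(self, host: str, der_cert: bytes) -> str:
        """Record the certificate seen for host and return a verdict."""
        fp = self.fingerprint(der_cert)
        seen = self.history[host]
        if not seen:
            seen.append(fp)
            return "first-seen"      # TOFU: nothing to compare against yet
        if fp == seen[-1]:
            return "unchanged"
        # A return to a fingerprint seen earlier is what an interposer that
        # handles only some sessions looks like; a genuine key rotation moves
        # forward to a new certificate and stays there.
        verdict = "flip-flop" if fp in seen else "changed"
        seen.append(fp)
        self.alerts.append((host, verdict, fp[:16]))
        return verdict

def fetch_peer_cert(host: str, port: int = 443) -> bytes:
    """Fetch the DER-encoded leaf certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def demo() -> list:
    """Replay a constructed session sequence: real, real, interposer, real."""
    real = b"constructed DER bytes standing in for the real server cert"
    mitm = b"constructed DER bytes standing in for the interposer's cert"
    watch = CertWatch()
    order = [real, real, mitm, real]
    return [watch.observe("server.example", c) for c in order]
```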