1995-10-01 - MITM attacks, the day after …

Header Data

From: jbass@dmsd.com (John L. Bass)
To: www-security@ns2.rutgers.edu
Message Hash: c153e12ec53637ae4a24a149159c5a4510d2ea9ae5b6e37d3eda23b74fe6094f
Message ID: <9510011649.AA12871@dmsd.com>
Reply To: N/A
UTC Datetime: 1995-10-01 16:50:03 UTC
Raw Date: Sun, 1 Oct 95 09:50:03 PDT

Raw message

From: jbass@dmsd.com (John L. Bass)
Date: Sun, 1 Oct 95 09:50:03 PDT
To: www-security@ns2.rutgers.edu
Subject: MITM attacks, the day after ...
Message-ID: <9510011649.AA12871@dmsd.com>
MIME-Version: 1.0
Content-Type: text/plain



I suppose C2 got as many "do you know how hard it is" complaints as
I have, or more. But dispite that, several people broke keys.

There seem at this point to be two messenger or man in the middle attacks
on SSL that have enough merit to explore further.

#1  Attack client binaries to suppress certificate validation, and accept
ones forged by the filter/MITM. The binary attack could occur during down
load from NetScape (a good ISP level attack) or after the fact with a virus.
The client binary would be normally functioning with servers other than the
attacking MITM filter.

#2  Present client with the filters valid certificate and hope that in the
rare case the user looks, that they will not question it, or even know what
a valid one from the real server is.

Since detection is possible in both of these, attack only a few percent of the
traffic until the heat is on, then lay dormant or move to a different site.

Suggested to me this morning was taking a harder look proxy servers.

John






Thread