Wow, major https/http hole revealed at blackhat.....


bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

Yep, of course I do this for a living and understand that the sky isn't actually falling...
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Codewiz
Originally posted by: Crusty
Originally posted by: Codewiz
Originally posted by: Crusty
How is a MITM attack new?

So every time a buffer overflow security issue arises, we shouldn't mention the new issue because buffer overflow is old hat?

This is a new attack put together that will fool most people.

Same attack, different tools. It's not like everybody is any more at risk today than they were yesterday.

So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

I sure wouldn't. Of course I always use my ssh tunnel when away from home but I sure wouldn't use TOR now.

The same could have been said when the MD5 collision issue for CAs was announced. And that is a huge deal also.

I wouldn't have done that yesterday, or the week before. If you openly broadcast ANY traffic to anyone you are at risk. It all depends on the site really, any banking sites I won't go to on wifi ever... other general sites that use SSL where my information isn't sensitive it's not a big deal.

What makes you think your SSH tunnel is any more secure than an SSL website?
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
Originally posted by: bsobel
So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

Yep, of course I do this for a living and understand that the sky isn't actually falling...

I never said the sky was falling but the internet is much more dangerous with this exploit. And there is no easy fix.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: Codewiz
Originally posted by: bsobel
So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

Yep, of course I do this for a living and understand that the sky isn't actually falling...

I never said the sky was falling but the internet is much more dangerous with this exploit. And there is no easy fix.

This isn't new, this attack has been around as long as SSL. That's the point you don't get.
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
Originally posted by: Crusty
Originally posted by: Codewiz
Originally posted by: Crusty
Originally posted by: Codewiz
Originally posted by: Crusty
How is a MITM attack new?

So every time a buffer overflow security issue arises, we shouldn't mention the new issue because buffer overflow is old hat?

This is a new attack put together that will fool most people.

Same attack, different tools. It's not like everybody is any more at risk today than they were yesterday.

So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

I sure wouldn't. Of course I always use my ssh tunnel when away from home but I sure wouldn't use TOR now.

The same could have been said when the MD5 collision issue for CAs was announced. And that is a huge deal also.

I wouldn't have done that yesterday, or the week before. If you openly broadcast ANY traffic to anyone you are at risk. It all depends on the site really, any banking sites I won't go to on wifi ever... other general sites that use SSL where my information isn't sensitive it's not a big deal.

What makes you think your SSH tunnel is any more secure than an SSL website?

Pretty simple, I control my ssh box. I use a client cert to authenticate to my ssh box. So when I hop on a public wifi, I open my ssh connection and tunnel everything over it. It is NOT susceptible to a MITM attack such as this. Unless someone is on my network at home.

 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: SagaLore
Awesome, thanks for the heads up. I wrote up a quick article on it too, here:

http://www.antisource.com/arti...ip-secure-sites-attack

What a completely bullshit article "SSLstrip sits on the internal network, and will monitor for SSL connections. If it sees one, it will intercept the traffic - not only does it decrypt it, it substitutes it with unencrypted traffic. It then adds a padlock icon back onto the browser so the end-user thinks it is secure."

So it decrypts SSL traffic now eh? Seriously, learn to read.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: txrandom
Can this still work over encrypted wireless?

Well wireless is a different encryption altogether. If they crack that first, then sure, they could use SSLstrip if they can spoof the signal perfectly. More likely they'll hijack your machine, router itself, or the bank's network well before they bother with your short range wireless connection.
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
Originally posted by: bsobel
Originally posted by: Codewiz
Originally posted by: bsobel
So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

Yep, of course I do this for a living and understand that the sky isn't actually falling...

I never said the sky was falling but the internet is much more dangerous with this exploit. And there is no easy fix.

This isn't new, this attack has been around as long as SSL. That's the point you don't get.

Yes I understand that. But no one has been exploiting it. I get that. Just like the original SQL injection vulnerabilities had been around since SQL Server was released. But it didn't matter until it got publicized.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
More likely they'll hijack your machine, router itself, or the bank's network well before they bother with your short range wireless connection.

Seriously, you have no business commenting on this. The biggest attack vector for this and the middler (etc) is the wireless evil twin attack. I've seen evdo/linksys equipment built into printers, bookbags, a pile of books all designed to be 'plopped' into an environment (like a starbucks) and carry out these attacks. It's MUCH more likely than them breaking into the 'banks network'.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Yes I understand that. But no one has been exploiting it. I get that. Just like the original SQL injection vulnerabilities had been around since SQL Server was released. But it didn't matter until it got publicized.

This has been exploited for as long as SSL existed, trust me...


 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: bsobel
Originally posted by: SagaLore
Awesome, thanks for the heads up. I wrote up a quick article on it too, here:

http://www.antisource.com/arti...ip-secure-sites-attack

What a completely bullshit article "SSLstrip sits on the internal network, and will monitor for SSL connections. If it sees one, it will intercept the traffic - not only does it decrypt it, it substitutes it with unencrypted traffic. It then adds a padlock icon back onto the browser so the end-user thinks it is secure."

So it decrypts SSL traffic now eh? Seriously, learn to read.

What is up your butt today? Here is an exact copy from Forbes:

This free program, which Marlinspike calls "SSLstrip," will allow hackers to remove the encryption or Secure Sockets Layer (SSL) protection intended to make sites safe. A cybercriminal would then have access to any passwords or other sensitive information traveling unprotected over the network.

Marlinspike's SSLstrip sits on a local network and intercepts traffic. When it detects an encrypted HTTPS (Hypertext Transfer Protocol Secure) site, it automatically substitutes a look-alike of the intended destination as an unencrypted HTTP site. That switching trick strips away the security that prevents a third party from stealing or modifying data, while telling the server that an encrypted page has been sent.

To better impersonate the security measures some users have come to expect, "SSLstrip" even adds a padlock icon that appears beside the URL, offering users a false sense that they can safely input secure information. "People seem to like the padlock," Marlinspike says.

Btw, for those of you that don't want to download the movie, it's on YouTube:

http://www.youtube.com/watch?v=Rvp0oPluuLE
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: SagaLore
Originally posted by: bsobel
Originally posted by: SagaLore
Awesome, thanks for the heads up. I wrote up a quick article on it too, here:

http://www.antisource.com/arti...ip-secure-sites-attack

What a completely bullshit article "SSLstrip sits on the internal network, and will monitor for SSL connections. If it sees one, it will intercept the traffic - not only does it decrypt it, it substitutes it with unencrypted traffic. It then adds a padlock icon back onto the browser so the end-user thinks it is secure."

So it decrypts SSL traffic now eh? Seriously, learn to read.

What is up your butt today? Here is an exact copy from Forbes:

This free program, which Marlinspike calls "SSLstrip," will allow hackers to remove the encryption or Secure Sockets Layer (SSL) protection intended to make sites safe. A cybercriminal would then have access to any passwords or other sensitive information traveling unprotected over the network.

Marlinspike's SSLstrip sits on a local network and intercepts traffic. When it detects an encrypted HTTPS (Hypertext Transfer Protocol Secure) site, it automatically substitutes a look-alike of the intended destination as an unencrypted HTTP site. That switching trick strips away the security that prevents a third party from stealing or modifying data, while telling the server that an encrypted page has been sent.

To better impersonate the security measures some users have come to expect, "SSLstrip" even adds a padlock icon that appears beside the URL, offering users a false sense that they can safely input secure information. "People seem to like the padlock," Marlinspike says.

I read the Forbes article, it's orders of magnitude more correct than yours.

 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
So let me get this straight bsobel. A vulnerability that has existed for a long time but never been really exploited extensively has been published. A tool that will make it simple to do will be released. It can easily affect anyone who does anything on wireless hotspots. And this isn't any sort of big deal?

You know as well as I do that people use SSL enabled websites on hotspots all the time. Most people believe that if they have https and the little lock, that they are safe. They believe that when they go to wachovia.com and see that little lock on the form that their information is secure. As long as they didn't have a trojan before yesterday, they pretty much were safe. Now they are not.

So it is no big deal?
 

dakels

Platinum Member
Nov 20, 2002
2,809
2
0
Originally posted by: mxyzptlk
Whatever idiot tries to steal my identity deserves the crushing load of debt he or she then stands to inherit.

LMAO


If only it worked this way. We'd probably have a lot less identity theft.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: Codewiz
So let me get this straight bsobel. A vulnerability that has existed for a long time but never been really exploited has been published. A tool that will make it simple to do will be released. It can easily affect anyone who does anything on wireless hotspots. And this isn't any sort of big deal?

I don't know what you don't understand, this has been exploited for YEARS. TheMiddler was released last year, it has the same functionality. This is just one more of a LARGE number of SSL MiTM tools. Saying 'never been really exploited' is bullshit.

You know as well as I do that people use SSL enabled websites on hotspots all the time. Most people believe that if they have https and the little lock, that they are safe. They believe that when they go to wachovia.com and see that little lock on the form that their information is secure. As long as they didn't have a trojan before yesterday, they pretty much were safe. Now they are not.

That's not true. If they go to a fake SSL site and don't notice their bank no longer has an extended validation ssl cert it's the same as if they went to a phishing site via an email. Your example is wrong, they don't go to wachovia.com they go to a 3rd party domain. In the normal SSL stripping scenario, they DO go to wachovia.com but all https links are replaced with http links.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: bsobel
More likely they'll hijack your machine, router itself, or the bank's network well before they bother with your short range wireless connection.

Seriously, you have no business commenting on this. The biggest attack vector for this and the middler (etc) is the wireless evil twin attack. I've seen evdo/linksys equipment built into printers, bookbags, a pile of books all designed to be 'plopped' into an environment (like a starbucks) and carry out these attacks. It's MUCH more likely than them breaking into the 'banks network'.

We aren't talking about a wireless attack, we're talking about traffic that is supposed to be SSL encrypted. That is the context of this topic - I know how easy it is to break wireless. :confused: And yes, bank networks are compromised all the time through lackadaisical security and stupid employees. Again, this topic is about SSL security. Don't worry, we know how smart you are since you do AV helpdesk. We got it.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Codewiz
Originally posted by: Crusty
Originally posted by: Codewiz
Originally posted by: Crusty
Originally posted by: Codewiz
Originally posted by: Crusty
How is a MITM attack new?

So every time a buffer overflow security issue arises, we shouldn't mention the new issue because buffer overflow is old hat?

This is a new attack put together that will fool most people.

Same attack, different tools. It's not like everybody is any more at risk today than they were yesterday.

So after this tool is released today, would you go on a TOR network and use an SSL enabled website? How about going to a wireless hotspot and use an SSL enabled website?

I sure wouldn't. Of course I always use my ssh tunnel when away from home but I sure wouldn't use TOR now.

The same could have been said when the MD5 collision issue for CAs was announced. And that is a huge deal also.

I wouldn't have done that yesterday, or the week before. If you openly broadcast ANY traffic to anyone you are at risk. It all depends on the site really, any banking sites I won't go to on wifi ever... other general sites that use SSL where my information isn't sensitive it's not a big deal.

What makes you think your SSH tunnel is any more secure than an SSL website?

Pretty simple, I control my ssh box. I use a client cert to authenticate to my ssh box. So when I hop on a public wifi, I open my ssh connection and tunnel everything over it. It is NOT susceptible to a MITM attack such as this. Unless someone is on my network at home.
SSH uses SSL. The weakness is in SSL, not https or ssh.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
We aren't talking about a wireless attack, we're talking about traffic that is supposed to be SSL encrypted. That is the context of this topic

And that's what I was talking about as well, apparently you don't know much about the topic or you would have caught that.

Don't worry, we know how smart you are since you do AV helpdesk. We got it.

What AV helpdesk? :confused:
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
Originally posted by: bsobel
Originally posted by: Codewiz
So let me get this straight bsobel. A vulnerability that has existed for a long time but never been really exploited has been published. A tool that will make it simple to do will be released. It can easily affect anyone who does anything on wireless hotspots. And this isn't any sort of big deal?

I don't know what you don't understand, this has been exploited for YEARS. TheMiddler was released last year, it has the same functionality. This is just one more of a LARGE number of SSL MiTM tools. Saying 'never been really exploited' is bullshit.

You know as well as I do that people use SSL enabled websites on hotspots all the time. Most people believe that if they have https and the little lock, that they are safe. They believe that when they go to wachovia.com and see that little lock on the form that their information is secure. As long as they didn't have a trojan before yesterday, they pretty much were safe. Now they are not.

That's not true. If they go to a fake SSL site and don't notice their bank no longer has an extended validation ssl cert it's the same as if they went to a phishing site via an email. Your example is wrong, they don't go to wachovia.com they go to a 3rd party domain. In the normal SSL stripping scenario, they DO go to wachovia.com but all https links are replaced with http links.

I am DONE talking to you. You didn't watch the presentation. THE FINAL EXPLOIT ISN'T JUST REPLACING HTTPS LINKS WITH HTTP LINKS. If you can't even take the time to find out what it is doing, you have ZERO business discussing it.

 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
I am DONE talking to you. You didn't watch the presentation. THE FINAL EXPLOIT ISN'T JUST REPLACING HTTPS LINKS WITH HTTP LINKS. If you can't even take the time to find out what it is doing, you have ZERO business discussing it.

Yea, it's SENDING THE USER TO A DIFFERENT DOMAIN. You're stating the user is still at wachovia.com and you're wrong.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
SSH uses SSL. The weakness is in SSL, not https or ssh.

Actually this is a weakness in https much more than SSL itself. It relies on seeing the plaintext traffic and stripping out ssl links (or directing the user to a different domain on SSL for which the attacker got a cert). It's not a break of SSL itself at all.
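The "normal SSL stripping scenario" that bsobel and Codewiz argue about above (the victim really is on the bank's domain, but every https link and form action the proxy can see in the plaintext page has been rewritten to http) is easy to spot if you compare what the browser received against what the site is known to serve. The following is an added detection example, not code from this thread or from SSLstrip; the allowlist of HTTPS-only hosts, the two sample pages and the `find_stripped_links` helper are all constructed for illustration (wachovia.com is simply the name used in the thread).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: hosts whose login flow is known to be HTTPS-only.
# A real deployment would source this from the organisation's own inventory.
HTTPS_ONLY_HOSTS = {"www.wachovia.com", "wachovia.com"}


class LinkCollector(HTMLParser):
    """Collect every href/action/src target in an HTML document."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.targets.append((tag, name, value))


def find_stripped_links(html_body, page_host, page_scheme):
    """Return references that will reach an HTTPS-only host over plain http.

    page_host / page_scheme describe how the page itself was delivered.
    A relative link inherits both, so on a page that was already downgraded
    to http, a relative form action is flagged as well: that is the case an
    SSL-stripping proxy relies on, because the browser resolves it to http.
    """
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for tag, attr, value in collector.targets:
        parts = urlsplit(value)
        host = (parts.hostname or page_host).lower()
        scheme = (parts.scheme or page_scheme).lower()
        if scheme == "http" and host in HTTPS_ONLY_HOSTS:
            findings.append({"tag": tag, "attr": attr, "url": value, "host": host})
    return findings


# Constructed sample: the page as the bank serves it over https.
ORIGINAL_PAGE = """
<html><body>
<a href="https://www.wachovia.com/login.asp">Sign on</a>
<form action="https://www.wachovia.com/login.asp" method="post">
  <input name="user"><input name="pass" type="password">
</form>
<a href="/help">Help</a>
</body></html>
"""

# The same page as a stripping proxy would hand to the victim: every
# https:// reference rewritten to http://, and the page itself now on http.
STRIPPED_PAGE = ORIGINAL_PAGE.replace("https://", "http://")


def demo():
    """Compare both pages; returns (findings on original, findings on stripped)."""
    clean = find_stripped_links(ORIGINAL_PAGE, "www.wachovia.com", "https")
    stripped = find_stripped_links(STRIPPED_PAGE, "www.wachovia.com", "http")
    return clean, stripped


if __name__ == "__main__":
    clean, stripped = demo()
    print(f"original page: {len(clean)} downgraded references")
    print(f"stripped page: {len(stripped)} downgraded references")
    for f in stripped:
        print(f"  <{f['tag']} {f['attr']}={f['url']!r}> -> http to {f['host']}")
```

Running `demo()` reports nothing for the genuine page and three findings for the stripped one: the anchor, the form action, and the relative `/help` link, which only counts because the page it sits on has itself been downgraded to http. Note the check does not touch the certificate at all; it works purely on the plaintext the victim's browser would render, which is the same vantage point the attack depends on.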
 

Platypus

Lifer
Apr 26, 2001
31,046
321
136
Originally posted by: Codewiz
So let me get this straight bsobel. A vulnerability that has existed for a long time but never been really exploited extensively has been published. A tool that will make it simple to do will be released. It can easily affect anyone who does anything on wireless hotspots. And this isn't any sort of big deal?

You know as well as I do that people use SSL enabled websites on hotspots all the time. Most people believe that if they have https and the little lock, that they are safe. They believe that when they go to wachovia.com and see that little lock on the form that their information is secure. As long as they didn't have a trojan before yesterday, they pretty much were safe. Now they are not.

So it is no big deal?

What bsobel is saying, correctly I might add, is that this attack is nothing new. There are companies that essentially create products to do this on purpose in a corporate environment for example. MITM attacks against SSL have been around since the advent of SSL. This is purely a fluff piece released for scaremongering purposes.. plain and simple.

There's no reason to attack someone over it, especially since he's right?
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
Originally posted by: bsobel
I am DONE talking to you. You didn't watch the presentation. THE FINAL EXPLOIT ISN'T JUST REPLACING HTTPS LINKS WITH HTTP LINKS. If you can't even take the time to find out what it is doing, you have ZERO business discussing it.

Yea, its SENDING THE USER TO A DIFFERENT DOMAIN. Your stating the user is still at wachovia.com and your wrong.

You just don't get it. Seriously. Yes behind the scenes, the user's browser is hitting something like.

https://www.wachovia.com/login...ky&reallyrocks&jiif.cn

instead of:

https://www.wachovia.com/login.asp?realvalueshere

yes the real domain is jiif.cn but it is so long you would not see that in the address bar.

That is what is in their address bar. They have a VALID SSL session. They have the little lock. Unless the user is looking at the end of every single URL AND/OR looking at the certificate, they are none the wiser.
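Whatever trick is used to make the bank's name appear at the front of the address bar, the browser only validates the certificate against the authority component of the URL, and that is the host it actually connected to. The example below is added here and is not code from the thread or from the presentation; since the URL quoted in the post above is elided, it uses two constructed URL shapes (a long lookalike subdomain and a userinfo prefix) that put a decoy name in front of the real host. wachovia.com and jiif.cn are the names used in the thread; the `check_destination` helper and the two-label domain heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def actual_host(url):
    """Return the host the browser really connects to for `url`.

    urlsplit() applies the RFC 3986 rules: the authority ends at the first
    '/', '?' or '#' after the scheme, and anything before an '@' inside it is
    userinfo, not part of the host name.
    """
    return (urlsplit(url).hostname or "").lower()


def registrable_part(host, labels=2):
    """Crude registrable-domain extraction (assumption: the last two labels
    are enough for the .com/.cn names used here; production code would
    consult the public suffix list instead)."""
    parts = host.split(".")
    return ".".join(parts[-labels:])


def check_destination(url, expected_host):
    """Compare where the URL really leads with where the user believes they are.

    Returns a dict with the host actually contacted, whether it matches the
    expected registrable domain, and whether the expected name is visible
    somewhere in the URL even though the destination differs (a decoy).
    """
    host = actual_host(url)
    expected = registrable_part(expected_host.lower())
    ok = registrable_part(host) == expected
    decoy = (not ok) and expected in url.lower()
    return {
        "actual_host": host,
        "expected": expected,
        "ok": ok,
        "decoy_name_present": decoy,
    }


# Constructed sample URLs. The second and third are shapes in which the
# expected name appears first but the certificate-bearing host is elsewhere.
SAMPLE_URLS = [
    "https://www.wachovia.com/login.asp?session=1",
    "https://www.wachovia.com.login.secure.session.id7.jiif.cn/login.asp",
    "https://www.wachovia.com@jiif.cn/login.asp",
]


def demo(expected_host="www.wachovia.com"):
    """Evaluate every sample URL; returns a list of verdict dicts."""
    return [check_destination(u, expected_host) for u in SAMPLE_URLS]


if __name__ == "__main__":
    for url, verdict in zip(SAMPLE_URLS, demo()):
        status = "OK " if verdict["ok"] else "BAD"
        print(f"{status} {url}\n     actually contacts: {verdict['actual_host']}"
              + ("  (decoy name present)" if verdict["decoy_name_present"] else ""))
```

The first sample resolves to www.wachovia.com and passes; the other two resolve to jiif.cn, so a certificate that is valid for jiif.cn satisfies the browser and produces the padlock the post describes, while the check above still reports the mismatch because it looks at the parsed authority rather than at the leading characters of the URL. The same parsing is what a proxy log or a browser extension would need to apply before trusting what the address bar appears to show.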