Forwarded from: Mark Hahn <MHahnat_private>

At 05:34 AM 8/14/2002, InfoSec News wrote:

> The eminent Mr Schneier must have been misquoted. What this permits
> is an MITM attack, the most obscure and unlikely of the scenarios.
> Passive listening is presumably unaffected, by orders of magnitude a
> greater danger. I.e., say Yes to Mallory, say No to Eve.
>
> MICROSOFT DOWNPLAYS REPORT
>
> Not that anyone will believe them, but in this case, it is indeed
> appropriate to assure that MITM attacks are hard. This doesn't mean
> that they shouldn't fix the bug, but this flaw is more embarrassing
> than devastating; the fact that it took so long to find also points
> out the relative lack of popularity that Mallory has in the real
> world.

In my experience, a MITM attack is anything but "obscure and unlikely". I have built several middle-man sites for various reasons and they are not overly complex to build. When used for white-hat purposes, they are called "Proxies". Add a little spam and you can have thousands of users "using" the proxy. And, given that the "proxy" can really use any valid certificate, you can keep any SSL-enabled browser from complaining.

I wonder if this is a matter of experience-based perspective? I can see how to build the MITM model and make it work, mostly. I cannot see how to place an eavesdropper in a location likely to get enough traffic to make it worthwhile. So maybe an eavesdropping attack looks easier to some, MITM looks easier to others?

-MpH

--------
Mark P. Hahn, CISSP        MHahnat_private
Chief Technical Officer    609 716 9320
TCB Technologies, Inc.
Princeton Junction, New Jersey, USA

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 07:45:25 PDT