Forwarded from: Jason Coombs <jasoncat_private> The only reason worms haven't incorporated DNS poisoning techniques yet is that their programmers weren't looking to be MITM. The AlterNIC attack didn't rely on a worm, but it DID accomplish possibly the largest known DNS hijacking attack to date -- allowing automatic redirection of visitors attempting to reach the authentic InterNIC servers. The AlterNIC wasn't attempting to be a MITM, either, but easily could have, and on a large scale. Before anyone dismisses the MITM as an insignificant threat they need to provide proof that the Web sites they've visited in the past were served to them from the authentic servers and routed to them by way of trustworthy routers without the "help" of an unauthorized MITM: a malicious router that hat hijacked a route, a malicious proxy server that had hijacked DNS, or an authentic router or server that was compromised. Particularly now that it has been discovered that SSL NEVER WORKED for server identity authentication under Microsoft Windows, NOBODY can provide that proof about past network security. The chances are so high as to be nearly 100% certain that SOMEBODY, SOMEWHERE, has already been impacted by a MITM attack and they didn't know it then and they don't know it now. A successful MITM attack leaves no trace and gives the end user no reason to think they've been compromised. Can YOU prove that your past use of Internet Explorer wasn't compromised by a MITM? Sincerely, Jason Coombs jasoncat_private -----Original Message----- From: owner-isnat_private [mailto:owner-isnat_private] On Behalf Of InfoSec News Sent: Thursday, August 15, 2002 1:13 AM To: isnat_private Subject: Re: [ISN] Security flaw found in Microsoft Web browser Forwarded from: Mark Hahn <MHahnat_private> At 05:34 AM 8/14/2002, InfoSec News wrote: > The eminent Mr Schneier must have been misquoted. What this permits > is an MITM attack, the most obscure and unlikely of the scenarios. > Passive listening is presumably unaffected, by orders of magnitude a > greater danger. I.e., say Yes to Mallory, say No to Eve. > > MICROSOFT DOWNPLAYS REPORT > > Not that anyone will believe them, but in this case, it is indeed > appropriate to assure that MITM attacks are hard. This doesn't mean > that they shouldn't fix the bug, but this flaw is more embarressing > than devastating; the fact that it took so long to find also points > out the relative lack of popularity that Mallory has in the real > world. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 02:35:49 PDT