RE: [ISN] Security flaw found in Microsoft Web browser

From: InfoSec News (isnat_private)
Date: Thu Aug 15 2002 - 23:19:05 PDT

    Forwarded from: Jason Coombs <jasoncat_private>

    The only reason worms haven't incorporated DNS poisoning techniques
    yet is that their programmers weren't looking to be MITM.

    The AlterNIC attack didn't rely on a worm, but it DID accomplish
    possibly the largest known DNS hijacking attack to date -- allowing
    automatic redirection of visitors attempting to reach the authentic
    InterNIC servers. The AlterNIC wasn't attempting to be a MITM, either,
    but easily could have, and on a large scale.

    Before anyone dismisses the MITM as an insignificant threat they need
    to provide proof that the Web sites they've visited in the past were
    served to them from the authentic servers and routed to them by way of
    trustworthy routers without the "help" of an unauthorized MITM: a
    malicious router that had hijacked a route, a malicious proxy server
    that had hijacked DNS, or an authentic router or server that was

    Particularly now that it has been discovered that SSL NEVER WORKED for
    server identity authentication under Microsoft Windows, NOBODY can
    provide that proof about past network security.

    The chances are so high as to be nearly 100% certain that SOMEBODY,
    SOMEWHERE, has already been impacted by a MITM attack and they didn't
    know it then and they don't know it now. A successful MITM attack
    leaves no trace and gives the end user no reason to think they've been

    Can YOU prove that your past use of Internet Explorer wasn't
    compromised by a MITM?

    Jason Coombs

    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private]
    On Behalf Of InfoSec News
    Sent: Thursday, August 15, 2002 1:13 AM
    To: isnat_private
    Subject: Re: [ISN] Security flaw found in Microsoft Web browser
    Forwarded from: Mark Hahn <MHahnat_private>
    At 05:34 AM 8/14/2002, InfoSec News wrote:
    > The eminent Mr Schneier must have been misquoted. What this permits
    > is an MITM attack, the most obscure and unlikely of the scenarios.
    > Passive listening is presumably unaffected, by orders of magnitude a
    > greater danger.  I.e., say Yes to Mallory, say No to Eve.
    > Not that anyone will believe them, but in this case, it is indeed
    > appropriate to assure that MITM attacks are hard. This doesn't mean
    > that they shouldn't fix the bug, but this flaw is more embarrassing
    > than devastating;  the fact that it took so long to find also points
    > out the relative lack of popularity that Mallory has in the real
    > world.

    This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 02:35:49 PDT