IE SSL Exploit

From: Mike Benham (moxieat_private)
Date: Mon Aug 12 2002 - 01:04:13 PDT

Next message: Jonas Eriksson: "OpenBSD Security Advisory: Select Boundary Condition (fwd)"

Previous message: Gilles Parc: "Vulnerability in Oracle"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a follow-up to my previous advisory:
http://online.securityfocus.com/archive/1/286290/2002-07-31/2002-08-06/0

Thanks to everyone who helped verify the vulnerability.

I've written a small tool (sslsniff) that demonstrates the severity of
this vulnerability in a real-world setting.  It performs undetected
hijacking/sniffing of IE SSL sessions, even on a switched network.

It can be found at http://www.thoughtcrime.org/ie.html

Still no word from Microsoft.

- Mike

--
http://www.thoughtcrime.org

Next message: Jonas Eriksson: "OpenBSD Security Advisory: Select Boundary Condition (fwd)"
Previous message: Gilles Parc: "Vulnerability in Oracle"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 16:08:00 PDT