Quote:
Originally Posted by 18Googol2
Yes, the attack over SSL is MiM (man in the middle). SSL itself is practically impossible to crack, but it doesn't mean you are safe when surfing with https sites at all. The MiM doesn't attempt to crack SSL; instead, with bogus private & public keys, it pretends to be the trusted party (the https site) you are supposed to deal with. So, consequently, you blindly give your private info to the bad guy.
I wouldn't say it's a low risk. Believe it or not, it would take a script kiddie only ~5 mins in total (including the time to download software) to finish every step needed to retrieve the password over SSL. Also, it requires zero technical knowledge. All you have to do is point and click as per instruction. If the program is widespread one day, it would be a disaster.
With all due respect, I think you over-estimate the ease with which a MITM attack is conducted. Again, I don't argue that it's possible, or that it happens, just the probability that it's conducted on a regular basis, even at your local Starbucks. A hotel actually would be a better place to conduct such attacks, but even then, it's not that simple. The real weakness in all of this is the user's ability to surf intelligently (and as a result, securely.) But this is another discussion entirely.