View Single Post
Old 14th August 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284

Originally Posted by 18Googol2 View Post
Yes, the attack over SSL is MiM (man in the middle). SSL itself is practically impossible to crack, but it doesnt mean you are safe when surfing with https sites at all. The MiM doesnt attempt to crack SSL, in stead, with bogus private & public keys, it pretends to be the trusted party (the https site) you are supposed to deal with. So, consequencely, you blindly give your private info to the bad guy.

I wouldnt say its a low risk. Believe it or not, it would take a script kiddie only ~5mins in total (including the time to download software) to finish every step needed to retrieve the password over SSL. Also, it requires zero technical knowledge. All you have to do is point and click as per instruction. If the program is widespread one day, it would be a disaster.
With all due respect, I think you over-estimate the ease with which a MITM attack is conducted. Again, I don't argue that it's possible, or that it happens, just the probability that it's conducted on a regular basis, even at your local Starbucks. A hotel actually would be a better place to conduct such attacks, but even then, it's not that simple. The real weakness in all of this is the user's ability to surf intelligently (and as a result, securely.) But this is a another discussion entirely.
Network Firefighter
Reply With Quote