- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 21 Oct 2007 11:55:32 +0200
- To: public-wsc-wg@w3.org
I was at hack.lu, a local security / hacking conference here, Thursday through Saturday. At some point, somebody in the audience ran ettercap [0] (or a similar tool) against the people in the room, performing a man-in-the-middle attack on TLS-based protocols (see [1] for some more detail). The attack left the human-readable material in certificates intact, but exchanged the public modulus. From the reactions when people were told about the ongoing attack, any number of them must have clicked past the security warnings their browsers and mail user agents gave them. And note that these were people who attended a three-day conference to learn more about hacking and security... (Unfortunately, the pranksters didn't own up to their doing, and didn't present any statistics. So we don't know.) 0. http://ettercap.sf.net 1. http://log.does-not-exist.org/archives/2007/10/20/2144_hacklu_mitming_a_room_full_of_security_people.html Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Sunday, 21 October 2007 09:57:00 UTC