An (almost) real-life TLS MITM

I was at hack.lu, a local security / hacking conference here,
Thursday through Saturday.  At some point, somebody in the audience
ran ettercap [0] (or a similar tool) against the people in the room,
performing a man-in-the-middle attack on TLS-based protocols (see
[1] for some more detail).

The attack left the human-readable material in certificates intact,
but exchanged the public modulus.  From the reactions when people
were told about the ongoing attack, any number of them must have
clicked past the security warnings their browsers and mail user
agents gave them.  And note that these were people who attended a
three-day conference to learn more about hacking and security...

(Unfortunately, the pranksters didn't own up to their doing, and
didn't present any statistics.  So we don't know.)

0. http://ettercap.sf.net
1. http://log.does-not-exist.org/archives/2007/10/20/2144_hacklu_mitming_a_room_full_of_security_people.html

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Sunday, 21 October 2007 09:57:00 UTC