SecurityRatty: tag: mitm

MITM on jury duty

2008-02-22 12:29:38 by Liudvikas Bukys in Liudvikas Bukys

Yesterday I reported to my local Hall of Justice for jury duty They offer free wireless for jurors waiting to be called into the court. In the vicinity was the state-run access point, and a host-to-host wireless network calling itself Free Internet Service What could that be but a man-in-the-middle attacker interested in packet capture? It could...

Tags: jury duty, local hall, offer free wireless, hall, justice folks, justice, host-to-host wireless network, free internet service, jurors

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security

...MITM in the computer security community, is such a problem online: Internet communication is often stripped of any context. There's no way to recognize someone's face. There's no way to recognize someone's voice. When you receive an e-mail purporting to come from a person or organization, you have no idea who actually sent it. When you visit...

Tags: implement mitm attacks, implement, mitm attacks, mitm, attack, mitm attack, bank, bank demands authentication, bank assumes

Man-in-the-Middle Attacks

2008-07-15 06:47:19 by schneier in Schneier on Security

...MITM in the computer-security community, is such a problem online: Internet communication is often stripped of any context . There's no way to recognize someone's face . There's no way to recognize someone's voice . When you receive an e-mail purporting to come from a person or organization, you have no idea who actually sent it. When you...

Tags: implement mitm attacks, implement, mitm attacks, mitm, mitm attack, bank, bank demands authentication, bank assumes, attacker inserts

Is Your Amazon Machine Image Vulnerable to SSH Spoofing Attacks?

2008-07-14 16:26:40 by Craig Balding in Cloud Security

...MITM attacks and the answer is most definitely no. If SSH on your AMI is only accessible from another AMI then its a fair question but its unlikely Amazon are going to show you their network diagrams ;-). From experience performing MITM attacks, I would assume most networks are vulnerable (one of the reasons why we use SSH). Why Didnt Amazon...

Tags: ssh, limit ssh access, ssh host keys, host keys, ssh user keys, amazon, host ssh keys, amazon machine image, initial ssh connection

Putting all one's eggs in a single basket

2007-05-21 00:00:00 by Uriel Maimon in Speaking of Security, the RSA Blog and Podcast

I was crawling my way through the series of tubes that is the internet, when I ran into this news article . It seems a certain large financial institution's consumers were hit by a banking Trojan . This financial institution had deployed tokens to all its online banking customers, but the Trojan managed to bypass this protection by combining two...

Tags: financial institution, trojan, news article, fraud techniques, protection, internet, tubes, tokens, hit

Universal Man-in-the-Middle Phishing Kit why is this even news?

2007-01-24 00:00:00 by Uriel Maimon in Speaking of Security, the RSA Blog and Podcast

...MITM) phishing kit that recently gathered quite a bit of attention in various publications. In the phishing world there are various roles: there are the "nice" people who operate the phishing kits; there are the shady characters who translate these hard earned credentials into money; and there are the people who write the phishing sites, or...

Tags: fraud industry successful, universal, past month, successful industry, shady characters, people, kits, kit, bit

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle

...MITM proxies; DLL redirection; in-memory start-stop-rewind, etc Implementing the appropriate delivery mechanism and conducting the test Stage 4: Monitoring of application under test for signs of failure What should we look for What do we do when we see it Stage 5: Triaging Results How can we classify and analyze issues found Stage 6: Identify...

Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions

European Backup Services Vulnerable to Attack

2008-06-11 11:49:32 by Editor in IT Security - The IT Security Industry's Web Resource

...MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the servers certificates. In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers Four of six may not be a large test sample, but it does raise concerns about trust between...

Tags: vulnerable, attack, client software, software, services, vulnerable systems, data loss, backup servers, middle attack

When ISPs Attack!

2008-06-19 16:31:53 by Bill in Grumpy Security Guy

...MITM attack all in the name of better ads. Now sniffing to get better data on your customers has been around for a while. In fact I worked at a company that did this as part of our offering. Where NebuAd goes over the line is they manipulate the traffic to get their ad code in the mix But Free Press and Public Knowledge found that sometimes...

Tags: google, ads based, company drops, ads, nebuad faked, nebuad, company, google webpage, isps attack

Journalist On Journalist Hacking at BlackHat

2008-08-08 13:10:15 by Chris Wysopal in Zero in a bit

...MITM attack where the attackers ran their own DHCP server and handed out a gateway IP that was controlled by them. At least one reporter was connecting to his organizations content management system over unencrypted HTTP and got his password compromised. More details in How eWeek Got Hacked at Black Hat

Tags: black hat press, black hat, network, massive reporter presence, reporter, wired network, journalists, french journalists, federal wiretap laws

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo