-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 06:40 PM 12/13/99 -0000, lcs Mixmaster Remailer wrote:
>However this is just the first step in an effective compromise.  Now you
>need to get him to use a bogus certificate when he thinks he is using
>a good one.  He tries to connect to a secure site, and you need to step
>in and play man in the middle.  You must hijack his connection to, say,
>www.amazon.com, and direct it to your own site.  Then you can offer your
>bogus cert for www.amazon.com and get it accepted.

The Bloomberg attack didn't require connection hijacking.  All that attacker 
did was post a newsgroup message with a URL in it.

If you're depending on that little lock in the corner of the browser window 
to mean you're connected to the page you seem to be connected to, and the 
"seem to be" is derived only from the page contents, you're in trouble.  
That's more what we were talking about than connection hijacking -- although 
if you want to go to that trouble, feel free. :)

This shows up more clearly with e-mail.  Here again, you don't have to 
hijack a connection if the attacker initiates the exchange (sends the first 
message) and the victim uses the "reply to" button in his mailer.  [E.g.,
the attacker asks for a copy of the victim's latest draft -- and the 
victim sends it.]



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2fc7

iQA/AwUBOFVYWJSWoQShp/waEQIz0wCgkqP8a5D7lPlWcG3bo7agUMFoj80An07r
4mVt/ebbleR6Pqhp1KIw2Vuo
=jFYN
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         [EMAIL PROTECTED]     http://www.pobox.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
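
Added example, not part of the original message: a receiving-side check for the "reply to" case described above, where the claimed identity comes only from the message contents. The address book, the sample messages and the finding names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed address book: display names the recipient already knows,
# mapped to the address previously verified for that person.
KNOWN_CONTACTS = {"alice example": "alice@example.org"}

def first_address(msg, header):
    """Return (display name, lowercased address) of the first entry, or ('', '')."""
    pairs = getaddresses(msg.get_all(header, []))
    if not pairs:
        return "", ""
    name, addr = pairs[0]
    return name, addr.lower()

def check_reply(raw):
    """Return (address the Reply button would use, list of findings)."""
    msg = message_from_string(raw)
    from_name, from_addr = first_address(msg, "From")
    _, reply_to = first_address(msg, "Reply-To")
    target = reply_to or from_addr  # mailers prefer Reply-To when present
    findings = []
    if target != from_addr:
        findings.append("reply-to-differs-from-from")
    # The display name is message content chosen by the sender, so it only
    # counts if the reply address is the one already on file for that name.
    known = KNOWN_CONTACTS.get(" ".join(from_name.lower().split()))
    if known and target != known:
        findings.append("claimed-name-not-bound-to-reply-address")
    return target, findings

# Constructed sample messages.
GENUINE = ("From: Alice Example <alice@example.org>\n"
           "Subject: draft\n\nHere are my comments.\n")
LOOKALIKE = ("From: Alice Example <alice.example@mail.invalid>\n"
             "Subject: draft\n\nCould you send me your latest draft?\n")
REDIRECTED = ("From: Alice Example <alice@example.org>\n"
              "Reply-To: drafts@mail.invalid\n"
              "Subject: draft\n\nCould you send me your latest draft?\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE),
                       ("redirected", REDIRECTED)):
        print(label, check_reply(raw))
```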
