In fact in the lab they talked of using a Trojan to sniff for them. To be fair, 99% of the time I'd probably just install a keylogger/screengrabber if I could get a Trojan on, but there certainly are circumstances where sniffing and attacking SSL would be preferable. Expect to see the time to exploit dropping very quickly as this attack is refined ...

BTW .. did Firesheep fundamentally change anything? Hell no .. 'cause no one (in the scheme of things) understands it and the big websites know only a relatively small number of "in the know" people will jump up and down. SSL is still not even vaguely standard across the board despite such an easily automated cookie theft attack. Mind you, even less reason to implement it now if the CPU hit is made worthless by this new hack! ;o) Upgrade TLS/SSL and lose 2/3rds of your customers??

a
________________________________
From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: 21 September 2011 15:25
To: NT System Admin Issues
Subject: Re: SSL hack

cross check your source ... my sources show this does NOT require MITM, just sniffing proximity, and client side soft(mal)ware injection, which individually proves not to be difficult, just requires a bit of coordination for both parts now.

On Wed, Sep 21, 2011 at 10:11 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:

Ok, I have some insight on this one from a very trusted source.

1) It requires a successful man in the middle attack which is not that easy to do with SSL and it requires you to be on the same subnet as the victim or the SSL host.
2) The attack has been around for years, the only thing new here is that someone sort of built a tool to do it and is getting press coverage.
3) Very low risk.
4) Part of the exploit will be killed very quickly now that it has gone public.

I am putting my SSL certs back in now.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, September 21, 2011 10:00 AM
To: NT System Admin Issues
Subject: Re: SSL hack

LOL

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:

I removed all my SSL certs, so they can't hack them. Just running straight http, let's see them beat that!

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, September 21, 2011 8:39 AM
To: NT System Admin Issues
Subject: Re: SSL hack

I think everyone is cowering in their foxholes right now...

On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff <egold...@gmail.com> wrote:

Hmmmm, looks like something I posted yesterday ... maybe you'll get more response.

On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare <scaes...@caesare.com> wrote:

Interesting, and potentially significant:

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

-sc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin