Haris, Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar...
On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <[email protected]> wrote: > Based on the blog post, plenty of tools can be used to perform such > attacks. Nowadays tools are getting more "user friendly" and yeah since > he's using insecure Wifi facility -visible network packets/traffics - > perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with > ferret and hamster is much more easier. But based on the symptoms or the > screenshots, it is more monkey in the middle attack compared to > sidejacking (I prefer this one). > > So, never access your private accounts using insecure or open ap > wireless environment. Guna la broadband.. :D > > p/s: besides I believe nobody actually read/understand/concern on the > warning popups regarding the cert validity. Usually we just click "Add > exception" and "proceed" :D > > That's my 2 halala > > Thanks > > On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote: > > There is https/ssl mitm in the cain & abel using fake private/public key. > It intercepts the ssl handshake and providing the fake key (if the key is > not trusted) to the client. In my previous test, my friend realized a fake > ssl for maybank site when I'm running the attack, and he told me maybank has > been hacked (but not). For wireless (not ethernet) layer 2, there is utility > like airpwn and karma for this kind of attack. I haven't read yet the blog > but to answer first the question. Wallahualam. > > Sent from my BlackBerry® smartphone > > > > -----Original Message----- > > From: Harisfazillah Jamel <[email protected]> > > Sender: [email protected] > > Date: Fri, 24 Sep 2010 19:21:31 > > To: owasp-malaysia<[email protected]> > > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless > > > > Tittle should be man in the minddle attack.. > > > > ettercap can be used to capture packet. But its hard to get our > > password in HTTPS protocol. I believe a kind of proxy is used for > > this. > > > > Any idea what kind of proxy? > > > > > > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote: > >> ARP poisoning can be used.ettercap > >> > >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <[email protected]> > wrote: > >>> Assalamualaikum and salam sejahtera, > >>> > >>> Would like to share this blog post. > >>> > >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/ > >>> > >>> How man in the middle attack can be used in this case? > >>> > >>> Thanks. > > _______________________________________________ > > Owasp-Malaysia mailing list > > [email protected] > > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > > > OWASP Malaysia Wiki > > http://www.owasp.org/index.php/Malaysia > > > > OWASP Malaysia Wiki Facebook > > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > > _______________________________________________ > > Owasp-Malaysia mailing list > > [email protected] > > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > > > OWASP Malaysia Wiki > > http://www.owasp.org/index.php/Malaysia > > > > OWASP Malaysia Wiki Facebook > > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > > > > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
