WebApp Sec mailing list archives
Re: Who's afraid of Mallory Wolf?
From: Andrew van der Stock <vanderaj () greebo net>
Date: Tue, 31 Jan 2006 09:59:38 +1100
Severe damage, no. But real problems, yes.Marketscore did this in a very sneaky fashion (most users were not aware of the SSL mitm proxy), and it caused Internet Banking to be made deliberately unavailable for affected customers:
http://www.scoop.co.nz/stories/BU0503/S00167.htmCutting users off is the only way to protect affected victims from outfits like Marketscore. If Marketscore had been like Sony installing their malware in a more coordinated fashion, it would have caused mass problems.
However, the MITM attack vector isn't the reason for SSL certificates. It's about trust - whether you trust the end site, and to a lesser extent, protecting the conversation from casual eavesdroppers, such as wireless hotspots and so on. In these roles, SSL does a reasonable job for the money.
thanks, Andrew On 31/01/2006, at 3:47 AM, Ace123 wrote:
I came across this article http://iang.org/ssl/mallory_wolf.html which is the third in google search's response to "ssl mitm". It says there havent been any (major?) SSL MITM attacks so far (Article is dated Mar 2003), and so spending on buying a ssl server cert is just waste of money. I am no way convinced with this guy's argument, but to think of it - are there any real world SSL MITM attacks recorded in the recent history that caused a severe damage to anyone? thanks!---------------------------------------------------------------------- ---This List Sponsored by: WatchfireWatchfire's AppScan is the industry's first and leading web applicationsecurity testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today.https://www.watchfire.com/securearea/appscansix.aspx? id=701300000003Ssh ---------------------------------------------------------------------- ----
------------------------------------------------------------------------- This List Sponsored by: WatchfireWatchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Who's afraid of Mallory Wolf? Ace123 (Jan 30)
- Re: Who's afraid of Mallory Wolf? Andrew van der Stock (Jan 30)
- Re: Who's afraid of Mallory Wolf? Erwan Legrand (Jan 31)