Re: Who's afraid of Mallory Wolf?

[Erwan Legrand <elegrand () denyall com>]

Ace123 wrote:
> I came across this article http://iang.org/ssl/mallory_wolf.html which
> is the third in google search's response to "ssl mitm". It says there
> havent been any (major?) SSL MITM attacks so far (Article is dated Mar
> 2003), and so spending on buying a ssl server cert is just waste of
> money. I am no way convinced with this guy's argument, but to think of
> it - are there any real world SSL MITM attacks recorded in the recent
> history that caused a severe damage to anyone?
>
> thanks!

Actually, some of the past months "phishing" records qualify as MITM.

http://www.schneier.com/blog/archives/2005/12/new_phishing_tr.html
--
Erwan Legrand
Responsable Technique Produits
elegrand () denyall com

Tel : +33 (0)1 40 07 47 28
GSM : +33 (0)6 16 60 26 09
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre-Dame des Victoires 75002 Paris - France
www.denyall.com

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------