[PLUG] wifi security

Tim tim-pdxlug at sentinelchicken.org
Fri Feb 27 16:23:58 UTC 2009


> Some sites use SSL encrypted *forms* just for submission.  So you end
> up with a non-SSL page that you type your info into, and when you hit
> the submit button the info is sent to an SSL URL.  Theoretically this
> would be secure, but there are security problems with this which were
> recently discussed at BlackHat (see http://www.doxpara.com/?p=1269 and
> https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
> Mainly you can downgrade the connection, and also you can inject
> javascript into the non-SSL page and sniff the data from the form.

Yeah, this specific item is old news.  My coworker and I once wrote a
simple MitM script for this specific issue in Yahoo!'s login form before
they started making it SSL by default.  All we did was change the form
destination to our own CGI script.  The CGI script responded with a
redirect which sent the user's browser back to the proper SSL page.
In most browsers, the users will never know the difference.  It's a
trivial attack, and quite fun to demonstrate.

tim
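The pattern both posters describe (a plaintext page whose form posts to an SSL URL) is easy to check for from the defender's side. The following script is an added example, not code from the PLUG thread or from either poster: it parses a fetched page, resolves every form's `action` against the page URL, and flags two conditions, a form served on a non-HTTPS page (the whole page, action attribute included, could have been rewritten in transit) and a form on an HTTPS page whose target is not HTTPS. The `audit_forms` function, the `FormCollector` class, and the `example.test` sample pages are all constructed for this illustration.

```python
"""Audit a page's forms for the mixed-scheme login pattern discussed above."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect the action attribute of every <form> in a document."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            attrs = dict(attrs)
            # A missing or empty action posts back to the page's own URL.
            self.actions.append(attrs.get("action") or "")


def audit_forms(page_url, html):
    """Return a list of (resolved_action_url, finding) tuples.

    page_url: the URL the document was fetched from (its scheme matters).
    html:     the document body as a string.
    """
    parser = FormCollector()
    parser.feed(html)
    findings = []
    page_scheme = urlsplit(page_url).scheme.lower()
    for action in parser.actions:
        target = urljoin(page_url, action)
        target_scheme = urlsplit(target).scheme.lower()
        if page_scheme != "https":
            # The page itself travelled in the clear, so the action attribute
            # (and any script on the page) could have been altered en route;
            # an https target gives the user no assurance.
            findings.append((target, "form served over plaintext page"))
        elif target_scheme != "https":
            # Page was protected but the submission would leave it.
            findings.append((target, "form posts to plaintext URL"))
    return findings


# Constructed sample pages for demonstration (not real sites).
PLAINTEXT_PAGE = """<html><body>
<form action="https://login.example.test/submit" method="post">
  <input name="user"><input name="pass" type="password">
</form></body></html>"""

SECURE_PAGE = """<html><body>
<form action="/submit" method="post"><input name="user"></form>
<form action="http://tracker.example.test/collect" method="post"></form>
</body></html>"""


if __name__ == "__main__":
    for url, page in [("http://www.example.test/login", PLAINTEXT_PAGE),
                      ("https://www.example.test/login", SECURE_PAGE)]:
        for target, finding in audit_forms(url, page):
            print(f"{url}: {finding} -> {target}")
```

Run it against a page you have fetched yourself (the script deliberately does no network I/O). The first sample reproduces the case in the thread: the action is HTTPS, yet the form is still reported, because the non-SSL page carrying it is the weak link. The fix the thread alludes to, serving the login page itself over SSL, is what makes the first check pass.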
