In message <[EMAIL PROTECTED]>, "MIKE SHAW" writes:
> It's my understanding that in order to exploit this, you'd have to essentially
> set yourself up as a proxy after sending the RDP advert. If this is the case,
> wouldn't the fact that the man in the middle did not have the cert that
> corresponded to the domain name cause at least one warning for most
> browsers? ('certificate name check' in Netscape, 'wrong certificate name' in
> Opera). Otherwise, you'd just be acting as a router and SSL would prevent
> sniffing. Am I missing something?

Not as a proxy, since that's a different protocol from the host, but as the
end-system. Yes, you have to issue yourself a fake certificate, but I suspect
that that's not an insurmountable problem. And of course, that certificate is
signed by someone you've invented with a plausible name -- probably something
corresponding to the name of the site you're impersonating. Say, "Amazon.com
Electronic Security Services" or some such.