Hi,

> I have to say I have my doubts that either Boingo or Sheraton hotels, or
> other providers would be doing MitM for advertising/profiling or whatever
> reasons to their respective wifi services. Absent certs showing this, it's a
> significantly controversial claim, and there are many many reasons you can
> see something that appears suspicious at a glance. Multiple certs for the
> same domain (load balancers), legitimately changed certs, different certs
> for different server farms in different geographic locations, cert warnings
> before you login because of the HTTP intercept, cached/delayed versions of
> the previous, localhost anti-spam/anti-virus proxies that are doing
> transparent proxying, VPN routing to a MitM corporate box? There are a lot
> of things that can do unexpected things.

I could imagine such attacks happen more frequently in hotels in certain countries with a high inclination towards wiretapping. Industrial espionage could be one motivation.

On an unrelated note, there was a report of a Tor exit node doing a MitM on SSL connections running through it. Of course, it was years ago and I didn't pay much attention to it then, and have no URL that I could provide. :-/

Ralph

--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography