+1 this does not require MITM from what I have read and heard. Its Javascript that performs the role of the malicious actor and its payload, which unfortunately, most browsers have on for web sites they do business with to function, which also leaves the door up for malware/spyware,. Drive by downloads.
Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Erik Goldoff [mailto:[email protected]] Sent: Wednesday, September 21, 2011 10:25 AM To: NT System Admin Issues Subject: Re: SSL hack cross check your source ... my sources show this does NOT require MITM, just sniffing proximity, and client side soft(mal)ware injection, which individually proves not to be difficult, just requires a bit of coordination for both parts now. On Wed, Sep 21, 2011 at 10:11 AM, Kennedy, Jim < [email protected]> wrote: Ok, I have some insight on this one from a very trusted source. 1) It requires a successful man in the middle attack which is not that easy to do with SSL and it requires you to be on the same subnet as the victim or the SSL host. 2) The attack has been around for years, the only thing new here is that someone sort of built a tool to do it and is getting press coverage. 3) Very low risk. 4) Part of the exploit will be killed very quickly now that it has gone public. I am putting my SSL certs back in now. From: Andrew S. Baker [mailto:[email protected]] Sent: Wednesday, September 21, 2011 10:00 AM To: NT System Admin Issues Subject: Re: SSL hack LOL ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim < [email protected]> wrote: I removed all my SSL certs, so they can't hack them. Just running straight http, let's see them beat that! From: Jonathan Link [mailto:[email protected]] Sent: Wednesday, September 21, 2011 8:39 AM To: NT System Admin Issues Subject: Re: SSL hack I think everyone is cowering in their foxholes right now... On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff <[email protected]> wrote: Hmmmm, looks like something I posted yesterday ... maybe you'll get more response. On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare < [email protected]> wrote: Interesting, and potentially significant: http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ -sc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
