* Ted Lemon wrote:
>The thing that hit me from this article that I really just hadn't fully
>understood previously is that any web site that displays personalized
>information per user that can be easily parsed now serves as a way to do
>a targeted attack on an individual or on individuals who work for an
>organization.
>
>So if you read slashdot or tumblr, for example, both of which display
>personally identifying information on their home pages if you are logged
>in, then an MiTM attacker can listen on the link the server is connected
>to and trigger on HTTP responses to you, and then attack you
>specifically, without revealing the attack to anyone else.
>This can be mitigated in several ways—obviously https-everywhere will
>address the problem, but also if the web site simply doesn't display
>personally identifying information in their outgoing traffic, then the
>passive attack isn't possible.

Online advertisers are happy to help you identify your targets and put
code on their computers, <http://en.wikipedia.org/wiki/Malvertising>.
-- 
Björn Höhrmann · mailto:[email protected] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
