SSL MITM-attacks make the news

2007-04-02 Thread Anne & Lynn Wheeler

ABN Amro compensates victims of 'man-in-the-middle' attack
http://www.finextra.com/fullstory.asp?id=16750

from above:

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack 
that overcame the bank's two-factor authentication. After the attack, ABN Amro 
removed an 'urgent payment' option from its Web site as a precaution, 
compensated the customers and launched a campaign to remind users about 
internet banking safety.

... snip ...

and lots of past posts mentioning MITM-attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


MITM attacks

2003-10-22 Thread l . crypto
Take many grains of salt before concluding that MITM attacks are either
hard or don't happen.

It is just that the environment for them is not the Internet per se, but
modern switched LANs. The basic trick to monitoring someone's LAN traffic
is to convince the ARP machinery that the MITM MAC is associated with
the target's IP address, and then to forward the intercepted traffic to
the real MAC address.

This sort of thing is also one approach to getting into wireless LANs.

So given switched LANs with wireless access points (drive-up access),
I would not be surprised at a rise in MITM attacks, even with
no crypto involved.

-Larry
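
A defender-side sketch of the ARP rebinding described in the message above, as an added example that is not part of the original post: it watches (time, sender IP, sender MAC) tuples from ARP replies and flags an IP whose MAC changes and a MAC that claims more than one IP. The function name, the finding labels and the sample observations are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
# Addresses come from the documentation ranges; none are real hosts.
SAMPLE = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway
    (1, "192.0.2.20", "00:00:5e:00:53:20"),   # workstation
    (5, "192.0.2.1", "00:00:5e:00:53:01"),    # unchanged refresh
    (9, "192.0.2.1", "00:00:5e:00:53:66"),    # gateway IP claimed by another MAC
    (10, "192.0.2.20", "00:00:5e:00:53:66"),  # same MAC also claims the workstation
    (12, "192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again (flapping)
]


def find_arp_anomalies(observations):
    """Return findings as (time, kind, ip, detail) tuples, in input order."""
    binding = {}                 # ip -> MAC most recently seen for that IP
    claimed = defaultdict(set)   # mac -> every IP that MAC has claimed
    findings = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        old = binding.get(ip)
        # An IP that moves to a different MAC is the rebinding itself.
        if old is not None and old != mac:
            findings.append((ts, "binding-changed", ip, f"{old} -> {mac}"))
        binding[ip] = mac
        claimed[mac].add(ip)
        # A relay sitting between two hosts ends up answering for both IPs.
        if len(claimed[mac]) > 1:
            ips = ", ".join(sorted(claimed[mac]))
            findings.append((ts, "mac-claims-many", ip, f"{mac} claims {ips}"))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE):
        print(*finding)
```

Both signals also fire on benign events such as DHCP reassignment, NIC replacement, gateway failover or proxy ARP, so they are triage leads to check against known inventory rather than verdicts.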

