Re: [cryptography] A REALLY BIG MITM

2011-01-27 Thread Peter Gutmann
I wrote:
This isn't one of those namby-pamby one-site phishing MITMs, this is a MITM of an entire country:
For those who want more details, there's a technical analysis at: http://blog.jgc.org/2011/01/code-injected-to-steal-passwords-in.html
Full source available via pastebin:

Re: [cryptography] A REALLY BIG MITM

2011-01-26 Thread Marsh Ray
On 01/25/2011 09:50 PM, Peter Gutmann wrote:
This isn't one of those namby-pamby one-site phishing MITMs, this is a MITM of an entire country: http://www.theatlantic.com/technology/archive/2011/01/the-inside-story-of-how-facebook-responded-to-tunisian-hacks/70044/
For those who don't want to

Re: [cryptography] A REALLY BIG MITM

2011-01-26 Thread Peter Gutmann
I wrote:
For those who don't want to read the whole thing, the solution was duuhh, we turned on thuh SSL - they were using plain HTTP for logon. Sigh.
Looks like they now made HTTPS for login permanent: http://digitizor.com/2011/01/26/facebook-social-login-https/
Funny how so many of these