Slashdot Mirror


Perfect MITM Attacks With No-Check SSL Certs

StartCom writes "In a previous article I reported about Man-In-The-Middle attacks and spotlighted an example showing that they really happen. MITM attacks just got easier. In the attack described previously, untrusted certificates from an unknown issuer were used. Want to make the attack perfect with no error and a fully trusted certificate? No problem, just head over to one of Comodo's resellers. Screenshots and disclosure provided at the link."

2 of 300 comments (clear)

  1. Really now. by cp.tar · · Score: 4, Funny

    The example cited is "RESOLVED INVALID". The link to the "perfect attack" seems to be slashdotted. And at the time I started writing this comment, there have been no comments whatsoever.

    Does this mean that Slashdotters have all swarmed the link trying to find out how to execute the perfect attack? Are we seeing a new trend here, with people actually reading TFAs?

    Or is it that too many people have Greasemonkey scripts filtering out kdawson's posts?

    --
    Ignore this signature. By order.
    1. Re:Really now. by ghmh · · Score: 5, Funny

      Apparently the perfect attack is actually 'Slashdot in the Middle'