[78741] in cryptography@c2.net mail archive
Re: man in the middle, SSL
daemon@ATHENA.MIT.EDU (Ivan Krstić)
Sat Feb 3 17:00:42 2007
Date: Sat, 03 Feb 2007 16:18:53 -0500
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: Beryllium Sphere LLC <1dxqk0p02@sneakemail.com>
CC: Metzdowd Crypto <cryptography@metzdowd.com>
In-Reply-To: <26647-33938@sneakemail.com>
[I prefer to keep discussions on-list where possible. CCing the list.]
Beryllium Sphere LLC wrote:
> Bruce Schneier pointed out years ago that it's trivial for a virus
> or Trojan to add a new trusted CA to the browser's list of trusted
> roots. At least one "advertising support web accelerator" installs
> itself in the browser configuration as a peer of Verisign and can
> then proxy SSL without any warning to the user.
Right. I was talking about the kind of MITM where an attacker is
physically between your machine and the SSL destination, such as sitting
on your network's egress. MOYM (man on your machine) attacks are a bit
of a lost cause with most modern OS environments, though I've been
working pretty hard to try and change that on the One Laptop per Child
machines.
--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com