[26618] in bugtraq


Re: IE SSL Vulnerability

daemon@ATHENA.MIT.EDU (Paweł Krawczyk)
Sat Aug 10 21:16:13 2002

Date: Sat, 10 Aug 2002 09:45:17 +0200
From: Paweł Krawczyk <kravietz@aba.krakow.pl>
To: Mike Benham <moxie@thoughtcrime.org>
Message-ID: <20020810074517.GB21239@aba.krakow.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <Pine.BSO.4.33.0208071202490.16005-100000@moxie.thoughtcrime.org>

On Wed, Aug 07, 2002 at 12:24:19PM -0700, Mike Benham wrote:

> First of all, https://www.thoughtcrime.org is NOT the demo site.  Several
> people were confused by this email, and subsequently concluded that their
> browser isn't vulnerable because they got an alert that the "name on the
> certificate is invalid."  If you would like to see a demo of this
> vulnerability, please email me offline.

By the way, I've performed full man-in-the-middle with a real bank
involved and myself as victim. It's easy and works perfectly, so I've put
a brief description and screenshots at http://arch.ipsec.pl/inteligo.html
Details on programs' setup and fake certificate generation are omitted
not to provide script-kiddies with a ready recipe.

Actually, you can use Mike's https://www.thoughtcrime.org/ as a demo
site, but you first need to DNS spoof your browser into thinking
that www.amazon.com has the address 66.93.78.63, which is easy using
dnsspoof from dsniff, for example.

-- 
Paweł Krawczyk, Kraków, Poland  http://echelon.pl/kravietz/
crypto: http://ipsec.pl/
horses: http://kabardians.com/
