[26635] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

IE SSL Exploit

daemon@ATHENA.MIT.EDU (Mike Benham)
Mon Aug 12 19:05:54 2002

Date: Mon, 12 Aug 2002 01:04:13 -0700 (PDT)
From: Mike Benham <moxie@thoughtcrime.org>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.BSO.4.33.0208120050310.13389-100000@moxie.thoughtcrime.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

This is a follow-up to my previous advisory:
http://online.securityfocus.com/archive/1/286290/2002-07-31/2002-08-06/0

Thanks to everyone who helped verify the vulnerability.

I've written a small tool (sslsniff) that demonstrates the severity of
this vulnerability in a real-world setting.  It performs undetected
hijacking/sniffing of IE SSL sessions, even on a switched network.

It can be found at http://www.thoughtcrime.org/ie.html

Still no word from Microsoft.

- Mike

--
http://www.thoughtcrime.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[26635] in bugtraq

IE SSL Exploit

daemon@ATHENA.MIT.EDU (Mike Benham)Mon Aug 12 19:05:54 2002

daemon@ATHENA.MIT.EDU (Mike Benham)
Mon Aug 12 19:05:54 2002