Sunday, October 21, 2007

Security conference attendees fall victim to man-in-the-middle hack

Hacklu2007-mtm


Just got this by email from Didier Stevens:

I witnessed a man-in-the-middle attack on the TLS at hack.lu (a hacker/security conference held in Luxembourg) this weekend. Thomas Roessler, who was also in the room, managed to capture a lot more than a screenshot and posted his fact-findings here.

So, what happened? As I said in a spontaneous lightning talk after that session, my diagnosis was that somebody was running a man-in-the-middle attack on a room full of security people. The tool they were using rewrote the TLS certificates that were shown by servers, but tried to keep the human-readable information in the certificate intact. (As Benny K notes in a comment, "the certificate seemed fine".)

What fascinates me most about this incident is that several security professionals in the room still accepted the forged certificate while they knew they were connected to a hostile wireless network.

You can see the image at Didier�s blog here.


Alex Eckelberry

No comments:

Post a Comment