Abuse Melding

Je hebt een klacht over de onderstaande posting:

16-08-2002, 16:26 door Anoniem

http://www.theregister.co.uk/content/4/26714.html Attacking the flaw, MS says, would be well-nigh impossible for three reasons. First, there's no easy way for an attacker to lure a victim to a malicious knock-off Web site, which MS flacks insist is a precondition for exploitation. Actually, what they say is, the attack scenario "provides no way to make the user actually arrive at the attacker's site." Well, that's true in a sense. Luring the victim is a problem which needs to be solved or sidestepped for an attack to work. But is it strictly necessary? The short answer is no. Benham's attack tool, sslsniff, uses ARP (Address Resolution Protocol) spoofing rather than social engineering, and just grabs data from other people's SSL sessions using ARPspoof to get between client and host as a proxy, and his certificate chaining attack to defeat Windows' certificate verification mechanism. Thus an attacker can easily place himself between you and your bank and log your business using a bogus SSL ...

Beschrijf je klacht (Optioneel):

captcha