Last week at Black Hat DC, Moxie Marlinspike presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ?, it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above-average users to notice. This attack requires access to the client’s network, but Moxie successfully ran it on a Tor exit node.
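A defender-side check for the two tricks described above, as an added example that is not from the original post or from sslstrip: it flags cleartext http links and host labels that, once Punycode-decoded, contain characters outside the letter, mark, digit and hyphen classes. The function names and the `lookalike.test` sample host are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def decode_label(label):
    """Unicode form of one DNS label; xn-- labels are raw-Punycode decoded."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: audit the ASCII form instead
    return label

def suspicious_chars(label):
    """Characters that are not letters, marks, digits or '-' (hostname-legal classes)."""
    return [c for c in label
            if c != "-" and unicodedata.category(c)[0] not in "LMN"]

def audit_url(url):
    """Return a list of findings for one URL; an empty list means nothing flagged."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError as exc:
        # urlsplit itself rejects hosts that NFKC-normalise to / ? # @ :
        return [f"rejected by parser: {exc}"]
    findings = []
    if parts.scheme == "http":
        findings.append("cleartext http link")
    for label in host.split("."):
        for c in suspicious_chars(decode_label(label)):
            name = unicodedata.name(c, "unnamed")
            findings.append(f"U+{ord(c):04X} {name} in host label {label!r}")
    return findings

def constructed_sample():
    """Constructed test URL: a host label containing U+2215 DIVISION SLASH."""
    label = "xn--" + "com\u2215login".encode("punycode").decode("ascii")
    return f"https://www.example.{label}.lookalike.test/"

if __name__ == "__main__":
    for u in ("https://www.example.com/login", "http://www.example.com/login",
              constructed_sample()):
        print(u, "->", audit_url(u) or "ok")
```

A check like this belongs in a proxy, mail filter or link scanner; legitimate internationalized names made only of letters and digits pass it unflagged.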