Wednesday, October 24, 2007

Hackers hacked at ...

A fellow blogger Didier Stevens witnessed a MITM attack on the TLS at this weekend ( is a hacker/security conference held in Luxembourg). Thomes Roessler, who was also in the room, managed to capture a lot more than a screenshot and posted his fact-findings here at this link.

Quote from his post:
So, what happened? As I said in a spontaneous lightning talk after that session, my diagnosis was that somebody was running a man-in-the-middle attack on a room full of security people. The tool they were using rewrote the TLS certificates that were shown by servers, but tried to keep the human-readable information in the certificate intact. (As Benny K notes in a comment, "the certificate seemed fine".)

Several people found it fascinating that several security professionals in the room still accepted the forged certificate while they new they were connected to a hostile wireless network. What if this happened during an anti-malware conference?
Would the result be different? In my opinion it shows the real thougts from a bad minded security guy. Is that not the real difference between the real security and the anti-malware world which is still a little bit different? I don't know.