1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Hacker creates SSLstrip package

Discussion in 'Article Discussion' started by CardJoe, 20 Feb 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. n3mo

    n3mo New Member

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    Those attacks were tested some time before, very effective indeed. The main problem is that since the beginning ISPs should have invested in full-scale encryption systems. They didn't, because it was "too expensive". Well, now we pay for that.
     
  3. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    5,650
    Likes Received:
    293
    We can only wait for the first class action filed in the US against [enter ISP name here] and within just 2-5 years ISPs will sort their hardware problems out...
     
  4. Redbeaver

    Redbeaver The Other Red Meat

    Joined:
    15 Feb 2006
    Posts:
    2,056
    Likes Received:
    34
    that is indeed a very interesting toy.......
     
  5. n3mo

    n3mo New Member

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    Well, not really. Governments don't like encryption at all - in England even using Putty is illegal. (I know, this is so dumb... it's even hard to phrase how dumb it is, actually)
     
  6. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    5,650
    Likes Received:
    293
    Putty is illegal? Great! That reminds me of the German government trying to pass a law making the use of vulnerability scanners illegal. And how exactly would companies be able to find vulnerabilities after that? Testing for them manually? Great idea. :D
     
  7. boiled_elephant

    boiled_elephant Whitelist Bit-Tech in your adblock!

    Joined:
    14 Jul 2004
    Posts:
    5,933
    Likes Received:
    432
    I excreted bricks. That is a very, very worrying discovery. Proof positive, thuough, that Black Hat is actually a useful convention - imagine if the first person to discover this had been a genuine crook?
     
  8. dyzophoria

    dyzophoria Member

    Joined:
    3 May 2004
    Posts:
    391
    Likes Received:
    1
    so from what Im understanding, since this is a man in the middle attack, this would only possible with public WIFI hotspots right?
     
  9. Timmy_the_tortoise

    Timmy_the_tortoise International Man of Awesome

    Joined:
    28 Feb 2008
    Posts:
    1,039
    Likes Received:
    7
    They'd better fix this soon.
     
  10. [USRF]Obiwan

    [USRF]Obiwan New Member

    Joined:
    9 Apr 2003
    Posts:
    1,721
    Likes Received:
    5
    To be honest the real let down is that you have to pay so much money for a SSL license. Can hook up one domain or IP address. For a web server hosting multiple sites this is a terrible construction.
     
Tags: Add Tags

Share This Page