PenTestLaboratory - Invest in your knowledge. Invest in yourself.
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

SSL, This elepant isn't going away

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography
Post a reply

SSL, This elepant isn't going away

Post by thetan on Thu Nov 11, 2010 10:31 am
([msg=48810]see SSL, This elepant isn't going away[/msg])

http://www.infobytesec.com/down/isr-evi ... Readme.txt

This week i present to you a rethink of the firesheep concept, only this time an order of magnitude more horrific.

Evil grade takes the same concept employed by firesheep, which is snooping on _unencrypted_ and _unauthenticated_ connections adds a little bit of DNS spoofing in the mix and installs backdoors on victims system's that attempt to upgrade a program that doesn't use an _authenticated_ connection.

Had these vulnerable programs pulled upgrades over SSL/TLS in a strict manner, evilgrade would be powerless over them.

Hopefully this will be another harsh lesson for software engineers to stop ignoring the elephant in the room.
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

Image

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
User avatar
thetan
Contributor
Contributor
 
Posts: 653
Joined: Thu Dec 17, 2009 6:58 pm
Location: Various Bay Area Cities, California
Blog: View Blog (0)

Re: SSL, This elepant isn't going away

Post by alltheprettyhorses on Thu Nov 11, 2010 11:17 am
([msg=48811]see Re: SSL, This elepant isn't going away[/msg])

Hmmm, the more exploits against this vulnerability that come out, the more likely it is to become common practice to ostracise the proverbial elephant.
"So this is how liberty dies; With thunderous applause..."
User avatar
alltheprettyhorses
New User
New User
 
Posts: 42
Joined: Sun Sep 05, 2010 10:17 am
Blog: View Blog (0)

Re: SSL, This elepant isn't going away

Post by centip3de on Thu Nov 18, 2010 5:55 pm
([msg=49100]see Re: SSL, This elepant isn't going away[/msg])

I have 10 of those programs....... *uninstalls* *shifty eyes*
I am c0bra2's idiotic bitch. (I lost a bet)
User avatar
centip3de
Addict
Addict
 
Posts: 1216
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)
Post a reply

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel