On 11/07/2008 11:21 PM, Nelson B Bolyard:
I will add that, while MITMs have historically been very rare, they are on the upswing. I see two broad areas where MITM attacks are on the increase, and they're both directed at the user, not the server.
One must recognize the fact that MITM attacks were in the past rather expensive when compared to other options to deceive a user. However due to better anti-phishing measures and on some operating systems also anti-viruses and with the rise of wireless, MITM attacks have become more attractive.
Obviously such attacks can be performed cheaper as well, by simply redirecting to regular http protocol, for which I suggest to set browser.identity.ssl_domain_display to 1. It should be the default setting IMO since it raises awareness and by my own account I've become quite used to it (after the switch from the yellow address bar).
The ISP MITM phenomenon is on the rise, just getting started now. I would encourage users to periodically examine their systems for trusted root CA certs that belong to their ISP, because such certs make it EASY for the ISP to do MITM. (Hint: there's one ISP with roots in FF)
Actually the attack which started this thread might have been simply a router which creates the certs on the fly...
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
