SecurityTubeBeta
Watch ... Learn ... Contribute
securitytube home
programming videos
tools videos
basics videos
fun
divider
upload video on SecurityTube
rss feed for SecurityTube
Blog!

SSL MITM Attack Over Wireless Demo
 

SSL MITM Attack basics has been discussed in a previous video. In this video we will look at a practical demonstration of an SSL MITM Attack over wireless using Yahoo Mail as a case study. It is important to note here that the reason for compromise is the fact that SSL protocol is susceptible to MITM attacks and is applicable to all websites using SSL and is not isolated to Yahoo Mail. The interesting thing as you will see in the video is that even though the browser detects the SSL certificate mismatch and popups up the security alert, most users will generally click through it. Thus the SSL MITM in most cases (where there are no software related bugs) works because users are gullible enough to click through security alerts and warnings. The most common place where i can imagine this attack being pulled off is in public hotspot areas, where users are on the lookout for any free open Wifi connection. An Attacker could easily lure users to connect to their Honeypots and then steal their passwords.
Enable Javascript or Download Flash Playe if you see this!

 
Related Videos from: Man in the Middle Attacks
divider
SSL MITM Attack Over Wireless
You are Viewing this Video Now!
785 views
622 views

Links:

1. Man in the Middle Attack

2. SSL Man in the Middle Attack

3. Dnsspoof Basics

4. Delegate Proxy
 
Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the founder of an online startup (currently in stealth mode). Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs