[Dshield] Eavesdropping

Daniel G. Kluge dkluge at acm.org
Tue Jun 8 20:50:07 GMT 2004


On 04.06.2004 at 17:08, David Klotz wrote:

> Since the list is so slow right now, I'll take this opportunity to ask a
> question:  Has anyone ever heard of somebody successfully eavesdropping on a
> validly established HTTPS connection?
>
> Some term definition: by "successful", I mean snooped encrypted traffic,
> decrypted it, and learned something they didn't already know.  "Valid" means
> there was nothing funny going on with the setup of the secure connection.  I
> know about MIM attacks, and I know you can trick people into going to "secure"
> sites that aren't what they think they are, but I'm not interested in those
> situations.
>

There were attacks that I'm aware of on an old Netscape Browser (the 
ones with the broken PRNG), David Wagner & Ian Goldberg also wrote on 
the subject. There was a successful attack on a 40-bit encrypted 
connection, done at INRIA if I'm not mistaken, using brute force.

More recently there were some timing vulnerabilities in OpenSSL exposed 
by EPFL researchers, but working only for IMAPv4, not for https.

I don't think that you will see too much on outright crypto attacks, 
but MIM attacks will be quite likely given the multitudes of possible 
attacks (invalid certs, broken browsers).

Cheers,
-daniel




