Just a quickie: MITMing a room full of security people ;-)
The screenshot
The analysis
Sunday
MITMing a room full of security people @ Hack.lu
Subscribe to:
Post Comments (Atom)
About this blog
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
Upcoming Security Events (in Belgium)
Security Database Tools Watch
Security Bloggers Network
digg / security4all / history
Blog Archive
-
►
2009
(95)
- ► December 2009 (2)
- ► October 2009 (6)
- ► September 2009 (4)
- ► August 2009 (4)
-
►
July 2009
(15)
- Day 2: A collection of #Blackhat articles: keeping...
- BlackHat slides available and first blogposts
- IE Killbits don't work, or why MS released an OOB ...
- Microsoft July 2009 Out-of-Band Releases
- How to follow Blackhat/Defcon without being there
- Preparing your laptop (or iPhone) for a security/h...
- Remote root exploit in DD-WRT httpd daemon.
- 0-Day in Adobe Flash, also executable from Acrobat...
- Nmap 5.00 Released with new additions: ndiff, ncat...
- According to Child Support groups, Net filtering i...
- Oracle & Microsoft Patch Tuesday and a Firefox 0-d...
- Fake OpenSSH 0-day, don't run 0pen0wn.c
- Active exploitation of Office Web Component Active...
- HostileWRT: the misconceptions about the Hadopi Ro...
- Big Brother 2009: Has the rebellion started?
-
►
March 2009
(11)
- BBC Click decided to rent a botnet
- Have a look at the lastest SANS papers
- The Antwerp Diamond Heist
- Adobe pushes out fix for Reader and Acrobat zero-d...
- The sweet irony: Foxit PDF reader releases JBIG2 s...
- PDF Exploit PoC without any user interaction
- Acrobat reader exploit works without opening pdf
- Last of the Defcon videos uploaded
- Excel zero-day patch not included in next Reboot T...
- Webcast: "Modern Social Engineering - A Vital Comp...
- ► February 2009 (27)
- ► January 2009 (19)
-
►
2008
(583)
- ► December 2008 (22)
- ► November 2008 (49)
- ► October 2008 (31)
- ► September 2008 (39)
- ► August 2008 (41)
- ► April 2008 (76)
- ► March 2008 (53)
- ► February 2008 (46)
- ► January 2008 (38)
Disclaimer
All content provided is for the purpose of general information and for educational purposes only. It should NOT be construed as professional advice or guidance, and is not an offer of service or products. The information in this weblog is provided “AS IS” with no warranties. Use at own risk.
All trademarks and copyrights on this blog are owned by their respective owners.
Feel free to disagree with me, but I reserve the right to refuse any comment for any reason whatsoever.
This blog is licensed under a Creative Common Attribution-NonCommercial-ShareAlike License.
This blog is licensed under a Creative Common Attribution-NonCommercial-ShareAlike License .
1 comments:
I was in that room at the moment the attack took place.
What did I do? Well, I realized this certificate warning was the result of some attack by a person/group at hack.lu. Since I was using my N800 and I was using a throw-away Gmail account I had created for the CTF (with a password totally different from my password-schemes), I decided the risk was really low for me. So I started to inspect the certificate, but the Opera browser on my N800 didn't manage to display the certificate (probably because of the certificate tampering). And then I accepted the certificate for the current session, because I'm inquisitive and like to investigate. But it didn't work for me, my browser didn't display the gmail inbox.
Post a Comment