The case of the fraudulent SSL certificates

Posted Mar 24, 2011 17:53 UTC (Thu) by giraffedata (subscriber, #1954)
Parent article: The case of the fraudulent SSL certificates

How does a fraudulent certificate allow a man in the middle attack? Say I connect to a bad guy's wireless access point in an airport, then browse Paypal. How does the bad guy sniff my Paypal password?

I can see how the bad guy could connect me to his impostor Paypal site, but that's not man-in-the-middle.


The case of the fraudulent SSL certificates

Posted Mar 24, 2011 18:07 UTC (Thu) by nybble41 (subscriber, #55106)

You try to connect to PayPal. The bad guy intercepts your connection and forwards the traffic to/from the real PayPal site. This is essentially the definition of MITM.

Normally, SSL/TLS would prevent the MITM from observing the cleartext of the traffic, since (a) the MITM needs the proper private key to decrypt what you're sending, and (b) the client verifies that the public key used to encrypt outgoing traffic corresponds to the domain name. The bad guy can only observe the unencrypted traffic by substituting a different certificate, one which would not be approved by a registered CA for use with that domain, thus giving away the MITM attack.

The existence of a fraudulent certificate nullifies (b), since the client will see a certificate certified for the right domain name, but (presumably) the bad guy has the corresponding private key and can thus decrypt the traffic (and re-encrypt it with the right certificate before forwarding it to PayPal, or vice versa).
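
Added example, not part of the comments above: a toy model of check (b) showing why a substituted certificate without a CA signature is rejected while a mis-issued one passes, plus a key-fingerprint comparison that goes beyond the thread as one way a client can notice the difference. The CA key (textbook RSA, no padding), the host name, the key labels and all function names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy CA key. Textbook RSA without padding: illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent

@dataclass(frozen=True)
class Cert:
    domain: str
    pubkey: str      # stand-in for the subject's public key
    signature: int   # issuer's signature over (domain, pubkey)

def digest(domain, pubkey):
    h = hashlib.sha256(f"{domain}|{pubkey}".encode()).digest()
    return int.from_bytes(h, "big") % CA_N

def ca_issue(domain, pubkey):
    """What the CA does once it believes the requester controls `domain`."""
    return Cert(domain, pubkey, pow(digest(domain, pubkey), CA_D, CA_N))

def client_accepts(cert, hostname):
    """Check (b): name matches and a trusted CA signed the name/key binding."""
    signed = pow(cert.signature, E, CA_N) == digest(cert.domain, cert.pubkey)
    return cert.domain == hostname and signed

def fingerprint(cert):
    return hashlib.sha256(cert.pubkey.encode()).hexdigest()

def classify(cert, hostname, pinned_fp=None):
    """'rejected', 'accepted' or 'pin-mismatch' (pin check is an added mitigation)."""
    if not client_accepts(cert, hostname):
        return "rejected"
    if pinned_fp is not None and fingerprint(cert) != pinned_fp:
        return "pin-mismatch"
    return "accepted"

# Constructed sample certificates for a placeholder host.
HOST = "www.example.test"
genuine = ca_issue(HOST, "site-key")
self_made = Cert(HOST, "interceptor-key", 12345)  # no valid CA signature
mis_issued = ca_issue(HOST, "interceptor-key")    # CA was deceived

if __name__ == "__main__":
    known = fingerprint(genuine)  # fingerprint recorded on an earlier visit
    for name, c in [("genuine", genuine), ("self-made", self_made),
                    ("mis-issued", mis_issued)]:
        print(f"{name:10} CA check: {classify(c, HOST):9} "
              f"with pin: {classify(c, HOST, known)}")
```

The CA check alone cannot separate `genuine` from `mis_issued`, because both carry a valid signature over the same name; only the comparison against a previously recorded key tells them apart.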