[cryptography] yet another certificate MITM attack

Jeffrey Walton noloader at gmail.com
Fri Jan 11 14:56:44 EST 2013


On Thu, Jan 10, 2013 at 6:59 PM, Jon Callas <jon at callas.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Others have said pretty much the same in this thread; this isn't an MITM attack, it's a proxy browsing service.
>
> There are a number of "optimized" browsers around. Opera Mini/Mobile, Amazon Silk for the Kindle Fire, and likely others. Lots of old "WAP" proxies did pretty much the same thing. The Nokia one is essentially Opera.
>
It's funny you bring up WAP. My secure coding guide also has a bullet:

Ensure the application is not using Wireless Application Protocol (WAP
1.x). The protocol specifies a WAP Proxy, which is the Man in the
Middle (MitM). WAP 2.x has its own set of problems.

Jeff


