[cryptography] yet another certificate MITM attack
noloader at gmail.com
Fri Jan 11 14:56:44 EST 2013
On Thu, Jan 10, 2013 at 6:59 PM, Jon Callas <jon at callas.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Others have said pretty much the same in this thread; this isn't an MITM attack, it's a proxy browsing service.
> There are a number of "optimized" browsers around. Opera Mini/Mobile, Amazon Silk for the Kindle Fire, and likely others. Lots of old "WAP" proxies did pretty much the same thing. The Nokia one is essentially Opera.
It's funny you bring up WAP. My secure coding guide also has a bullet:
Ensure the application is not using Wireless Application Protocol (WAP
1.x). The protocol specifies a WAP Proxy, which is the Man in the
Middle (MitM). WAP 2.x has its own set of problems.
More information about the cryptography