Security conference attendees fall victim to man-in-the-middle hack

Just got this by email from Didier Stevens:

I witnessed a man-in-the-middle attack on the TLS at hack.lu (a hacker/security conference held in Luxembourg) this weekend. Thomas Roessler, who was also in the room, managed to capture a lot more than a screenshot and posted his fact-findings here.

So, what happened? As I said in a spontaneous lightning talk after that session, my diagnosis was that somebody was running a man-in-the-middle attack on a room full of security people. The tool they were using rewrote the TLS certificates that were shown by servers, but tried to keep the human-readable information in the certificate intact. (As Benny K notes in a comment, "the certificate seemed fine".)

What fascinates me most about this incident is that several security professionals in the room still accepted the forged certificate while they knew they were connected to a hostile wireless network.

You can see the image at Didier’s blog here.