Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If people moved to your scheme MITM would become common and we'd be writing about FirePiggyInTheMiddle or similar. They can be automated. You need some trust infrastructure for encryption to work.


In order to do FirePiggyInTheMiddle, you need to control the router. You can't just sit in the subnet and start sending commands to random clients to hijack their connection, especially when it is symmetrically encrypted.


ARP poisoning doesn't require control of the router; it makes MITMs pretty trivial.

http://www.windowsecurity.com/articles/Understanding-Man-in-...


Ok you guys can stop with the "but what about this" now.

We all realize there are 1000 different attacks with various levels of difficulty and all of which have appropriate countermeasures and are nowhere near the success rate nor ubiquity of simply receiving packets.


A much more likely and easier setup is to poison DNS with results that direct the victim to your own machine.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: