The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | man-in-the-middle

It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub. Greatfire.org has all the details. In short: GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub […]

· · · ·

Gigaom reports on a major security issue at Nokia, first announced in the “Treasure Hunt” blog. Their Asha and Lumia phones come with something they call the “Xpress Browser”. To improve the browser experience, the web traffic is proxies and cached. That is a fairly common and accepted practice. Where Nokia has stepped into questionable […]

· · · · ·

Schneier on Security: Domain-in-the-Middle Attacks Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack. Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.

· · · · ·