
List:       cryptography-randombit
Subject:    Re: [cryptography] Mobile Traffic Interception (SSL/TLS and VPN)
From:       Mh <mhtajik () gmail ! com>
Date:       2012-09-09 22:28:20
Message-ID: D118814B04424B9297EE8B9CD80C9F8F () gmail ! com

While we are on this subject, I have a friendly complaint about the EFF folks. A couple of weeks ago I asked them, regarding the PDF of relations between CAs, to give me its Graphviz source so I can correlate it with my own work, prevent sending more packets out, saving the planet Earth by being green and shit ;) They told me they are not sure it's made with Graphviz, and later I did not receive an answer to my follow-up questions. Not that anybody owes anybody anything here, but I'd appreciate it more if they helped. Nonetheless, salute to their work.

Regards  


On Monday, Shahrivar 20, 1391 at 1:42, Ralph Holz wrote:

> Hi,
>  
> Is there a reason you focus primarily on mobile networks? Anyway, you
> can use 3G sticks and laptops for mobile access, so I assume the
> following fits your category, too.
>  
> Crossbear uses a notary approach plus traceroutes from many locations in
> an attempt to find the attacker:
>  
> https://github.com/crossbear/Crossbear
>  
> There is a paper from ESORICS:
>  
> http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/holz_x509forensics_esorics2012.pdf
>  
> The difficulty is, of course, that in-band localisation can be countered
> by powerful and clever attackers. During the beta phase, we collected
> around 4000 certificate chains - none due to a MitM. Our chief
> difficulty is actually getting the tool through the Mozilla add-on
> checks - functionality checks require them to set up a MitM to test
> themselves...
>  
> Crossbear is in the process of being integrated with OONI, which should
> give it more traction:
>  
> http://www.ooni.nu/
>  
> Our hope is that with OONI's advanced arsenal of methods, we can counter
> some of the attacker's measures. Our promise is also that we publish all
> our data, minus "anonymisation" where required.
>  
> One point I really think should be stressed is that such tools should
> only be used by people who know what they are doing and know that there
> could be consequences - it is potentially dangerous in some countries to
> run such things! E.g. one of my colleagues has a network measurement
> suite for Android, which enjoys quite some popularity on the Android
> store because it gives you nice feedback about your provider's network
> and how well you are served. However, they don't do SSL checks, and for
> good reason: their tool is meant for unsavvy users, too, who might use
> the tool in certain countries, and they don't want to endanger them.
>  
> Also, I know the EFF is collecting data with HTTPS Everywhere, but it's
> opt-in so far and without tracerouting. When I met Peter last December,
> he also told me that they have not found genuine MitM (i.e. not
> off-the-shelf middle-boxes).
>  
> Ralph
>  
> On 09/09/2012 09:01 PM, Jeffrey Walton wrote:
> > Hi All,
> >  
> > Is anyone aware of papers or studies on HTTPS traffic interception in
> > mobile networks?
> >  
> > I know Collin Mulliner did a study of HTTP headers and information
> > leakage in the past. I know we have Trustwave (and I'm not aware of
> > published results of Mozilla's subsequent actions) and the more
> > general problem of Public CA hierarchies. I am aware of products like
> > BlueCoat and Dr. Matt Greene's Interception Proxies page. I believe
> > the EFF is aggregating data on SSL/TLS at the moment, but the data
> > will not be released for some time.
> >  
> > With HTML5 and WebSockets, I believe we can build a smarter client
> > that can detect interception based on pinning (either public key or
> > certificate). Is anyone aware of any tools for doing so (perhaps where
> > aggregated data is offered)?
>  
>  
> --  
> Ralph Holz
> Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/
> PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net (mailto:cryptography@randombit.net)
> http://lists.randombit.net/mailman/listinfo/cryptography

