Internet Security Systems - AlertCon(TM)

...and while we're talking about MITM...

Posted by Tom Cross on November 06, 2009 at 6:29 PM EST.

While we're talking about man in the middle attacks on web applications, its worth mentioning that, in general, web application security is very fragile when faced with attackers who are in the middle. Our friends at Rational wrote an excellent paper earlier this year on the subject, titled "Active Man in the Middle Attacks." It probably won't help you sleep better at night, but it does butress the point that this new SSL attack is a small change to an already unstable situation.

The bottom line is that you ought to be careful about open wireless access points.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.