Date: Mon, 12 Aug 2002 01:04:13 -0700 (PDT)
From: Mike Benham <moxie@thoughtcrime.org>
To: bugtraq@securityfocus.com
Subject: IE SSL Exploit
This is a follow-up to my previous advisory:
http://online.securityfocus.com/archive/1/286290/2002-07-31/2002-08-06/0
Thanks to everyone who helped verify the vulnerability.
I've written a small tool (sslsniff) that demonstrates the severity of
this vulnerability in a real-world setting. It performs undetected
hijacking/sniffing of IE SSL sessions, even on a switched network.
It can be found at http://www.thoughtcrime.org/ie.html
Still no word from Microsoft.
- Mike
--
http://www.thoughtcrime.org
