Wednesday, September 2, 2009
It's Time to see everything
An anarchist superhacker has just released a powerful little program called “sslstrip.”
On encrypted web pages, the letter “s” appears at the end of “http.” This program strips the “s” away, leading the victim to an unencrypted but otherwise identical version of the page. The victim then enters their log-in information, unaware that the attacker is recording what they type. The program requires its operator to be between the victim’s computer and its internet connection, such as on a free wireless hotspot. The security researcher stressed that the attack succeeds because browsers have moved from providing positive feedback when a site is secure to only providing negative feedback when the software detects something wrong. By providing additional cues, such as a lock icon as the favicon, an attacker could make a targeted user more likely to fall for the ruse. In addition, an attacker could use international domain names to create a URL that appears to be a valid address on a major Web site but in reality includes characters from international character sets that look like '.' and '/'.
You can download sslstrip NOW!
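
A defender-side check for the two tricks described above (the stripped "s" and the look-alike '.' and '/' characters), as an added example that is not part of the original post or of sslstrip. The look-alike table and the `.example`/`.test` sample URLs are constructed, and treating the last two labels as the registered domain is a simplifying assumption.

```python
# Constructed, non-exhaustive table: non-ASCII code points that render
# like the URL delimiters '/', '.' and '?'.
DELIMITER_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\u3002": ".",  # IDEOGRAPHIC FULL STOP
    "\uff0e": ".",  # FULLWIDTH FULL STOP
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
}

def split_host(url):
    """Return (scheme, host), cutting only at real ASCII delimiters."""
    scheme, sep, rest = url.partition("://")
    if not sep:                      # no scheme present
        scheme, rest = "", url
    end = len(rest)
    for i, ch in enumerate(rest):
        if ch in "/?#":              # the first genuine delimiter ends the host
            end = i
            break
    host = rest[:end].rsplit("@", 1)[-1].split(":", 1)[0]
    return scheme.lower(), host.lower()

def audit_url(url):
    """Flag a missing 's' in the scheme and delimiter look-alikes in the host."""
    scheme, host = split_host(url)
    findings = []
    if scheme != "https":
        findings.append("not-https")
    for ch in host:
        if ch in DELIMITER_LOOKALIKES:
            findings.append(f"delimiter-lookalike:U+{ord(ch):04X}")
    labels = host.split(".")
    # Assumption: last two labels approximate the registered domain
    # (a real check would consult the Public Suffix List).
    return {"host": host, "registered_tail": ".".join(labels[-2:]),
            "findings": findings}

if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://www.bank.example\u2044login.attacker.test/session",
    ]
    for s in samples:
        print(audit_url(s))
```

In the third sample the host reads like `www.bank.example/login...`, but the registered domain the browser actually contacts is `attacker.test`.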