Didier Stevens

Friday 19 October 2007

Pwned @ hack.lu?

Filed under: Entertainment,N800 — Didier Stevens @ 23:22

While using the WiFi today at hack.lu I got this pop-up on my N800:

hacklu2007-mtm.png

Care to guess what happened? Post a comment!

EDITED TO ADD (21/10): Thomas Roessler managed to capture a lot more than a screenshot while witnessing the attack, read his excellent blog post here.

And be sure to read the comments for my post, several are from hack.lu attendees who lived through the attack.

8 Comments »

  1. And still a lot of people clicked through (they told me). I also saw it and I checked the name and the CA and it seemed fine. The analysis from someone in the public on the beamer was breathtaking.

    And a lot of people in the audience were security professionals. I guess no one is perfect. It was a devious attack.

    Comment by Benny K — Friday 19 October 2007 @ 23:36

  2. Someone used Cain & Abel in APR mode between the gateway and it’s users…?

    Comment by Noah — Saturday 20 October 2007 @ 23:01

  4. Yeah, there’s a way to create a fake certificate using Cain & Abel. Then you get a “secure” connection to the owner of the false certificate so you transmit your password 😛

    Comment by achtung! — Sunday 21 October 2007 @ 3:10

  5. My bet is on ettercap, since the attacker used the default public key that is shipped with that piece of software — but of course that’s not proof.

    Evidence and a bit of analysis are here:
    http://log.does-not-exist.org/archives/2007/10/20/2144_hacklu_mitming_a_room_full_of_security_people.html

    Comment by tlr — Sunday 21 October 2007 @ 9:48

  6. […] witnessed a man-in-the-middle attack on the TLS at hack.lu (a hacker/security conference held in Luxembourg) […]

    Pingback by Hackers Blog » Blog Archive » Security conference attendees fall victim to man-in-the-middle hack — Monday 22 October 2007 @ 12:11

  7. Nice GUI. What’s that? Seems like Vista but…

    Comment by uber — Sunday 28 October 2007 @ 17:59

  8. That’s my Nokia N800, more pics here: https://blog.didierstevens.com/2007/06/05/omg-my-n800-is-infected/

    Comment by Didier Stevens — Monday 29 October 2007 @ 11:43


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.