Items tagged with: mitm

Search

Items tagged with: mitm

wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."

I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.

Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….

If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…

P.S. Fastly knows your infosec.exchange login credentials.

@malanalysis

#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception


Erik van Straten (@ErikvanStraten@infosec.exchange)

Attached: 1 image Risico Cloudflare (+Trump) 🌦️ Achter Cloudflare Steeds meer websites zitten "achter" het Amerikaanse bedrijf Cloudflare. Stel u opent https://pvv.
Infosec Exchange
#cloudflare #mitm #fastly #AiTM #cdn #tlsinterception @Vern McCandlish

daniel, i respect and admire you for your considerate and respectful behavior, but would it be appropriate to point out the potential of unintended #mitm interception more clearly in this case?
i mean, the title could also have been "apple does not want you to notice when you are being wiretapped", or do i miss any other precaution they took for this not to happen?

also, i find it shocking that i don't find this shocking any more… 🤯

#mitm

@protonmail The problem is more like "fiddling with the contents" or doing anything in transit.

Cuz I do #E2EE the way it's meant to be done aka. #SelfCustody of #Keys and not some #MITM'ing "Appliance"...

#e2ee #keys #mitm #selfcustody @Proton Mail

#xmpp #tls #mitm

#XSF Announcement

Recently there was an incident via a so called #man_in_the_middle attack happened to an #XMPP #server.

To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: certwatch.xmpp.net/

Many thanks to Stephen P. Weber (@singpolyma)!

Read two related blog posts:
blog.jmp.chat/b/certwatch/cert…

snikket.org/blog/on-the-jabber…

#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat

CertWatch Logo

On the jabber.ru MITM attack

Reports of a possible recent interception of the public XMPP service jabber.ru have raised a lot of questions for people about how the attack happened, and whether it could affect them too. We have some answers.
snikket.org
#xmpp #security #Jabber #server #chat #vulnerability #xsf #mitm #man_in_the_middle #machine_in_the_middle @Stephen Paul Weber

Detailed and credible looking report of #LawfulInterception #MitM on an #xmpp server hosted at #Hetzner in Germany: notes.valdikss.org.ru/jabber.r…

Looks like a transparent bridge was deployed in front of the actual server, obtained dedicated certificates from #LetsEncrypt and MitMed all incoming client connections since July. It was discovered because the LE certificate expired 🤦

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

notes.valdikss.org.ru
#xmpp #letsencrypt #hetzner #lawfulinterception #mitm