Man in the Middle SSL-Self Signed Attack Exchange 2007/2010

by butsch 13. October 2012 05:29

Windows Mobile is the only mobile device range that cannot be fooled by the man-in-the-middle SSL spoof.

iOS 5 and current Android may currently be unsafe if you use a self-signed SSL certificate for the ActiveSync IIS site.

Explained for non-IT managers (people who pay IT people and reduce their budget)

1) If you are a small business
2) You run Exchange 2003/2007/2010 SBS
3) You don't want to invest in an official SA/UC certificate
4) Your internal administrator has come up with an inexpensive solution, a self-signed SSL certificate (because you don't want to spend USD 300.- per year)
5) Your employee visits a hotel or meeting room with a faked free Wi-Fi (a hacker does a man-in-the-middle split). He checks mail with his iPhone.
6) The iPhone or Android connects to the fake Exchange / the hacker sniffs the traffic.
7) The hacker sends a remote wipe signal
8) Your mobile data is gone
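
Added example (not part of the original post): this script shows why a device that accepts a self-signed certificate has nothing to check except the name, so two independently generated certificates for the same host look alike unless a fingerprint was recorded beforehand. It requires the openssl CLI; the host name mail.example.test, the file names and the function names are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. All names below are constructed.

# Create a throwaway self-signed certificate for common name $1, written to $2.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
}

# Succeeds when subject and issuer are the same name and the certificate
# verifies with itself as the only trust anchor.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint of the certificate in file $1.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Subject line of the certificate in file $1 (the name a client compares).
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }

# audit_cert PEM_FILE RECORDED_FINGERPRINT -> one-word verdict on stdout.
audit_cert() {
    if ! is_self_signed "$1"; then echo "not-self-signed"
    elif [ "$(fingerprint "$1")" = "$2" ]; then echo "self-signed-known"
    else echo "self-signed-unknown"
    fi
}

demo() {
    local dir recorded
    dir=$(mktemp -d)
    make_self_signed mail.example.test "$dir/ours.pem"   # certificate on our server
    make_self_signed mail.example.test "$dir/other.pem"  # same name, different key
    recorded=$(fingerprint "$dir/ours.pem")              # noted when we deployed it
    echo "ours : $(subject_of "$dir/ours.pem") -> $(audit_cert "$dir/ours.pem" "$recorded")"
    echo "other: $(subject_of "$dir/other.pem") -> $(audit_cert "$dir/other.pem" "$recorded")"
    rm -rf "$dir"
}

demo
```

Both certificates print the same subject; only the comparison against the recorded fingerprint separates them, which is the check a certificate from a publicly trusted CA gives the device automatically.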


