Man in the Middle SSL-Self Signed Attack Exchange 2007/2010

by butsch 13. October 2012 05:29

Windows Mobile is the only mobile device range that cannot be fooled by the man-in-the-middle SSL spoof.

iOS 5 and current Android may currently be unsafe if you use a self-signed SSL certificate for the ActiveSync IIS site.

Explained for non-IT managers (people who pay IT people and reduce their budget)

1) You are a small business
2) You run Exchange 2003/2007/2010 SBS
3) You don't want to invest in an official SAN/UC certificate
4) Your internal administrator has come up with an inexpensive solution, a self-signed SSL certificate (because you don't want to spend USD 300.- per year)
5) Your employee visits a hotel or meeting room with a fake free Wi-Fi (a hacker performs a man-in-the-middle split). He checks mail with his iPhone.
6) The iPhone or Android connects to the fake Exchange / the hacker sniffs the traffic.
7) The hacker sends a remote wipe signal
8) Your mobile data is gone

  

http://www.wpcentral.com/windows-phone-dodges-black-hat-2012-certificate-vulnerability

http://www.blackhat.com/usa/bh-us-12-briefings.html

http://searchsecurity.techtarget.com/news/2240160456/Black-Hat-2012-SSL-handling-weakness-leads-to-remote-wipe-hack

 
