<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>man-in-the-middle attacks &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/man-in-the-middle-attacks/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Wed, 10 Jul 2024 14:42:11 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>RADIUS Vulnerability</title>
		<link>https://noise.getoto.net/2024/07/10/radius-vulnerability/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 10 Jul 2024 14:42:11 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[authentication]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[protocols]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69136</guid>

					<description><![CDATA[<p><a href="https://www.blastradius.fail/">New attack</a> against the RADIUS authentication protocol:</p>
<blockquote><p>The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials.</p></blockquote>
<p>This is one of those vulnerabilities that comes with a cool name, its own website, and a logo.</p>
<p>News <a href="https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/">article</a>. Research ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Bluetooth Attack</title>
		<link>https://noise.getoto.net/2023/12/08/new-bluetooth-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 08 Dec 2023 12:05:19 +0000</pubDate>
				<category><![CDATA[authentication]]></category>
		<category><![CDATA[bluetooth]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[secrecy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68176</guid>

					<description><![CDATA[<p>New attack <a href="https://www.cvedetails.com/cve/CVE-2023-24023/">breaks</a> forward secrecy in Bluetooth.</p>
<p><a href="https://www.theregister.com/2023/12/06/bluetooth_bug_apple_linux/">Three</a> <a href="https://thehackernews.com/2023/12/new-bluffs-bluetooth-attack-expose.html">news</a> <a href="https://www.bleepingcomputer.com/news/security/new-bluffs-attack-lets-attackers-hijack-bluetooth-connections/">articles</a>:</p>
<blockquote><p>BLUFFS is a <a href="https://francozappa.github.io/post/2023/bluffs-ccs23/">series of exploits</a> targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices.</p>
<p>This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, thus weak and predictable session key (SKC).</p>
<p>Next, the attacker brute-forces the key, enabling them to decrypt past communication and decrypt or manipulate future communications...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Messaging Service Wiretap Discovered through Expired TLS Cert</title>
		<link>https://noise.getoto.net/2023/10/27/messaging-service-wiretap-discovered-through-expired-tls-cert/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 27 Oct 2023 11:01:00 +0000</pubDate>
				<category><![CDATA[certificates]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[TLS]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68004</guid>

					<description><![CDATA[<p>Fascinating <a href="https://therecord.media/jabber-ru-alleged-government-wiretap-expired-tls-certificate">story</a> of a covert wiretap that was discovered because of an expired TLS certificate:</p>
<blockquote><p>The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.</p>
<p>However, jabber.ru found no expired certificates on the server, ­ as explained in <a href="https://notes.valdikss.org.ru/jabber.ru-mitm/">a blog post</a> by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.</p>
<p>The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Man-in-the-Middle Phishing Attack</title>
		<link>https://noise.getoto.net/2022/08/25/man-in-the-middle-phishing-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 25 Aug 2022 11:45:17 +0000</pubDate>
				<category><![CDATA[authentication]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[two-factor authentication]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65804</guid>

					<description><![CDATA[<p>Here’s a <a href="https://arstechnica.com/information-technology/2022/07/microsoft-details-phishing-campaign-that-can-hijack-mfa-protected-accounts/">phishing campaign</a> that uses a man-in-the-middle attack to defeat multi-factor authentication:</p>
<blockquote><p>Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Bluetooth Vulnerability</title>
		<link>https://noise.getoto.net/2020/09/17/new-bluetooth-vulnerability/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 17 Sep 2020 11:18:27 +0000</pubDate>
				<category><![CDATA[authentication]]></category>
		<category><![CDATA[bluetooth]]></category>
		<category><![CDATA[iPhone]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[patching]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60212</guid>

					<description><![CDATA[<p>There&#8217;s a new unpatched <a href="https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709">Bluetooth vulnerability</a>:</p>
<blockquote><p>The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD&#8217;s role is to set up two separate authentication keys for that phone: one for a &#8220;Bluetooth Low Energy&#8221; device, and one for a device using what&#8217;s known as the &#8220;Basic Rate/Enhanced Data Rate&#8221; standard. Different devices require different amounts of data &#8212; and battery power &#8212; from a phone. Being able to toggle between the standards needed for Bluetooth devices that take a ton of data (like a Chromecast), and those that require a bit less (like a smartwatch) is more efficient. Incidentally, it might also be less secure...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Interesting Attack on the EMV Smartcard Payment Standard</title>
		<link>https://noise.getoto.net/2020/09/14/interesting-attack-on-the-emv-smartcard-payment-standard/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 14 Sep 2020 11:21:36 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[credit cards]]></category>
		<category><![CDATA[fraud]]></category>
		<category><![CDATA[man-in-the-middle attacks]]></category>
		<category><![CDATA[pins]]></category>
		<category><![CDATA[point of sale]]></category>
		<category><![CDATA[smart cards]]></category>
		<category><![CDATA[smartphones]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60190</guid>

					<description><![CDATA[<p>It&#8217;s <a href="https://arxiv.org/pdf/2006.08249.pdf">complicated</a>, but it&#8217;s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.</p>
<p>From a <a href="https://techxplore.com/news/2020-09-outsmarting-pin-code.html">news article</a>:</p>
<blockquote><p>The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 34/132 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 02:28:59 by W3 Total Cache
-->