IE SSL Exploit

[Mike Benham <moxie () thoughtcrime org>]

This is a follow-up to my previous advisory:
http://online.securityfocus.com/archive/1/286290/2002-07-31/2002-08-06/0

Thanks to everyone who helped verify the vulnerability.

I've written a small tool (sslsniff) that demonstrates the severity of
this vulnerability in a real-world setting.  It performs undetected
hijacking/sniffing of IE SSL sessions, even on a switched network.

It can be found at http://www.thoughtcrime.org/ie.html

Still no word from Microsoft.

- Mike

--
http://www.thoughtcrime.org