 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Fri, Aug 6, 2010 at 10:39 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote: > On Aug 5, 2010, at 8:25 PM, Bill Bogstad wrote: >> >> That still sounds like it is running on one of the end points >> (client). ?In order to do that the end point has to have already been >> compromised. ? That's very different from manipulating the >> communications path between two secure end points. > > If you see the computer that the game client runs on as an end-point then yes, you are correct. ? If, however, you look at the game client as an end-point then it is an MitM attack. I had a long discussion with someone off line and I can see how MitM can even be defined as occurring entirely within the confines of a single computer. OTOH, such attacks require compromising the local machine. We know that Windows clients are frequently compromised. As with most operating systems, if the local machine is compromised all things are possible. Basically if you can't trust your local machine, you can't trust anything. So in the context of this conversation (network communications security), I don't see how the frequency of these WoW hacks are relevant. So we end up back with one instance in 20 years in the Boston metro area. Still previous frequency doesn't mean someone might not start trying to do something. I've always wondered about using ARP spoofing for the IP address of the local router in order to examine all traffic: http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=12868&mode=thread&order=0&thold=0 Unfortunately for attackers, the wide use of NAT based home routers make this much less interesting. Compromising a Windows computer in your home and doing ARP spoofing from it is only going to let me see the Internet traffic for the rest of the machines in your household. Your neighbors security will be unaffected. I suppose if you keep a Windows machine around for gaming this is a way to do a MitM attack against more secure (Linux) machines. Given the rarity of such situations and the massive amounts of low hanging fruit elsewhere, unless someone is really trying to target you specifically I don't see anyone bothering to try to do this anytime soon. Trying to compromise the home router is more interesting and there have been a number of occasions when people have figured out how to jailbreak the router's GUI interface and get to the underlying Linux system. This plus default router passwords should be of concern. I vaguely remember reading about this kind of thing, but don't recall if it was theoretical or if people were actually seeing it used in the wild. Bill Bogstad
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
