Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 21 février 2014

Man-in-the-Middle Attack Against Email Synchronization (CERT-EU Security Advisory 2014-013)

The attack consists in spoofing a SSID of a WiFi network to which devices try to connect (most devices actively advertise SSIDs of all networks known to them). Once a device connects to such network and tries to synchronize e-mails, a malicious server inside the spoofed network may potentially be able to access the email credentials. In case the SSL is used, a such server may try to impersonate the target email server and perform the SSL handshake, if the device is set to accept self-signed certificates.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 234


Événements SSI