Man in the Middle? No, thank you!
Daniel Schneller – CenterDevice GmbH
SSL – and you’re done™
…are you?
Mac App Store
Outbank
What happened to SSL?
SSL – Chain of Trust
Root CA Certificate
  issues
Intermediate CA Certificate(s)
  issues
Leaf Certificate
Just how many Root CAs are there?
System Roots
Windows 8: ~350
Mozilla: ~160
iOS 6: ~220
Man In The Middle?
[Diagram: Website, [Corporate] Proxy, Client]
Consequences
• Monitoring
• Manipulation
• Sent and received data affected
• Chain of Trust formally verified
Good and evil
• Debugging
• Reverse Engineering
• Security Audits
• Learning and Understanding
ReST Debugging
Good and evil
• Phishing
• Identity Theft
• Industrial Espionage
• …
Mac App Store
iTunes
Demo 1
Video 1
Video 2
Countermeasures
Reference Certificates
• Client bundles server certificate as a reference
• Compare reference and certificate sent by the server
• Connect only when there’s a perfect match
[Diagram: Client App and Server, certificates compared with ==]
• Step 1: Validate Chain of Trust
    // srvTrust is the SecTrustRef for the server connection.
    SecTrustResultType evaluationResult;
    OSStatus status =
        SecTrustEvaluate(srvTrust,
                         &evaluationResult);
    if (status == errSecSuccess) {
        // kSecTrustResultUnspecified: the chain validated against the system roots.
        if (evaluationResult == kSecTrustResultUnspecified) {
            // ...
        }
    }
• Step 2: Load Reference Certificate
    // Load the DER-encoded reference certificate bundled with the app.
    NSString *refPath =
        [[NSBundle mainBundle] pathForResource:@"reference"
                                        ofType:@"der"];
    NSData *refCertData =
        [[NSData alloc] initWithContentsOfFile:refPath];
• Step 3: Compare certificates
    BOOL found = NO;
    CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
    // Walk the chain sent by the server; stop at the first certificate
    // whose DER bytes equal the bundled reference.
    for (CFIndex j = 0; j < crtCount && !found; j++) {
        SecCertificateRef cert =
            SecTrustGetCertificateAtIndex(srvTrust, j);
        NSData* certData =
            CFBridgingRelease(SecCertificateCopyData(cert));
        found = [refCertData isEqualToData:certData];
    }
Demo 2
Video
Fingerprinting
• Similar to Reference Certificate approach
• Compares Certificate Fingerprint against reference value
• Server Certificate not needed in the client
• Example: Apple Software Update
[Diagram: Client App, Server; SHA-1 Hash 1122 3344 5566 7788 9900 AABB CCDD EEFF 9988 7766 == 1122 3344 5566 7788 9900 AABB CCDD EEFF 9988 7766]
• Step 1: Validate Chain of Trust
    SecTrustResultType evaluationResult;
    OSStatus status =
        SecTrustEvaluate(srvTrust,
                         &evaluationResult);
    if (status == errSecSuccess) {
        if (evaluationResult == kSecTrustResultUnspecified) {
            // ...
        }
    }
• Step 2: Compute fingerprint
    static NSString* const kReferenceFP = @"AC .... DC";
    BOOL found = NO;
    CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
    // Hash each certificate in the chain and compare it with the reference fingerprint.
    for (CFIndex j = 0; j < crtCount && !found; j++) {
        SecCertificateRef cert =
            SecTrustGetCertificateAtIndex(srvTrust, j);
        NSData* certData =
            CFBridgingRelease(SecCertificateCopyData(cert));
        NSString* fingerprint = [self sha1:certData];
        found = [kReferenceFP isEqualToString:fingerprint];
    }
Demo 3
Video
Caveats
• Change of Certificate
  • Expired
  • Compromised
• Update app with plenty of lead time
• Temporarily accept old and new certificates
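The fingerprinting steps and the "accept old and new" caveat combined in one connection delegate, as an added example that is not code from the talk or its sample repository. It assumes an NSURLSession delegate as the hook; the class name PinningDelegate, the method names isPinnedTrust: and pinnedFingerprints, the CommonCrypto-based body of sha1: and the two fingerprint strings are placeholders introduced here.

```objective-c
// Added example: fingerprint pinning with a rotation window.
// PinningDelegate and the fingerprint strings are hypothetical placeholders.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

@interface PinningDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinningDelegate

// Uppercase hex SHA-1 over the DER-encoded certificate.
// Two entries: the certificate in use and its successor, so an app
// shipped before a certificate change keeps working during the switch.
+ (NSSet<NSString *> *)pinnedFingerprints {
    static NSSet<NSString *> *pins;
    static dispatch_once_t once;
    dispatch_once(&once, ^{
        pins = [NSSet setWithObjects:
                @"<SHA1-OF-CURRENT-CERTIFICATE-PLACEHOLDER>",
                @"<SHA1-OF-NEXT-CERTIFICATE-PLACEHOLDER>", nil];
    });
    return pins;
}

// One possible body for the sha1: helper the slides call but do not show.
- (NSString *)sha1:(NSData *)data {
    unsigned char digest[CC_SHA1_DIGEST_LENGTH];
    CC_SHA1(data.bytes, (CC_LONG)data.length, digest);
    NSMutableString *hex =
        [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++) {
        [hex appendFormat:@"%02X", digest[i]];
    }
    return [hex copy];
}

- (BOOL)isPinnedTrust:(SecTrustRef)srvTrust {
    // Step 1: the chain must validate against the system roots first.
    SecTrustResultType evaluationResult;
    OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult);
    if (status != errSecSuccess ||
        evaluationResult != kSecTrustResultUnspecified) {
        return NO;
    }
    // Step 2: at least one certificate in the chain must carry a pinned
    // fingerprint. Pinning the leaf is strictest; pinning the root is the
    // "Variation" trade-off (fewer app updates, wider trust).
    NSSet<NSString *> *pins = [PinningDelegate pinnedFingerprints];
    CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
    for (CFIndex j = 0; j < crtCount; j++) {
        SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j);
        NSData *certData = CFBridgingRelease(SecCertificateCopyData(cert));
        if ([pins containsObject:[self sha1:certData]]) {
            return YES;
        }
    }
    return NO;
}

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                             NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server-trust challenges concern pinning; leave the rest alone.
    if (![space.authenticationMethod
            isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef srvTrust = space.serverTrust;
    if (srvTrust != NULL && [self isPinnedTrust:srvTrust]) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:srvTrust]);
    } else {
        // No pinned certificate in the chain: refuse to connect.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,
                          nil);
    }
}

@end
```

The example keeps the SecTrustEvaluate and SecTrustGetCertificateAtIndex calls used on the slides; current Apple SDKs mark both deprecated in favour of SecTrustEvaluateWithError and SecTrustCopyCertificateChain.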
Variation
• Check Root Certificate against reference
• Trade-off: Flexibility vs. Security
• Updates only required when changing Root CA
Conclusions
• SSL provides
  • Confidentiality (encrypted)
  • Authenticity
• CA system (usually) sufficient
• More Security = More Work
Make informed decisions!
Links
Sample Code
• github.com/dschneller/mitmnothankyou
Tools
• github.com/ADVTOOLS/ADVcertificator
• github.com/ADVTOOLS/ADVTrustStore
• www.apple.com/support/iphone/enterprise
• technet.microsoft.com/enus/library/cc754841.aspx
TLS Session Cache
• developer.apple.com/library/ios/#qa/qa1727
Root CA Lists
• support.apple.com/kb/HT5012
• www.mozilla.org/projects/security/certs/included/
• social.technet.microsoft.com/wiki/contents/articles/14215.windowsandwindowsphone8sslrootcertificateprogrammembercas.aspx
• Android: Settings – Security – Trusted Credentials
Thank you!
Questions?
daniel.schneller@centerdevice.de
@dschneller
That’s all. Really. :)
Demo 1
Standard SSL, MITM Root CA not installed

Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 

Man in the Middle? - No, thank you!