Talk:Transport Layer Protection Cheat Sheet

Revision as of 01:21, 21 February 2012 by Jmanico (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Make the warning about "no such thing as internal network" more prominent. There are several types of attacks that can be conducted by using ARP spoofing and MitM an SSL/TLS session. One of the most interesting is hijacking credentials to virtual machine provisioning interfaces, then reusing the credentials to create malicious VMs, boot existing VMs off of untrusted media, etc. I think this is an overlooked issue with SSL since most of the focus is on ecommerce.