HackerTrans
TopNewTrendsCommentsPastAskShowJobs

birgelee

no profile record

comments

birgelee
·قبل 4 سنوات·discuss
Hi, I am one of the authors of this blog post, and I felt it would be relevant to mention that this attack (where HTTPS traffic is forwarded back to the victim before a certificate is issued) is actually exactly what we did in our live demo at HotPETS 2017: https://www.youtube.com/watch?v=TYBq2ammTRg

In the case of the KLAYswap attack, based on public routing data, it is highly unlikely the adversary forwarded any traffic back to Kakao. As mentioned in the comments, certificate issuance only takes seconds, so it would not have been a very noticeable outage. Also, the adversary did not seem to mind causing connectivity issues given that they actually checked the referer HTTP header to only serve their malicious JS file to people that were downloading it from KLAYswap.

Best, Henry