http://netvouz.com/falko/tag/man-in-the-middle?feed=rss falko's bookmarks tagged "man-in-the-middle" on Netvouz http://www.howtoforge.com/ssl_vpn_one_time_passcodes_mutual_authentication SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it is protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time. falko Mon, 02 Jul 2007 10:04:06 GMT