OK, this is an update to my last post on the maintenance notice on the linkedin.com website. Sadly, it is not because this website is vulnerable to The Middler attack. Initially, at the logon page, everything is nice. Even the URL is impressive enough: https://www.linkedin.com/secure/login?trk=hb_signin

But once you type in your authentication information, you will be redirected to…

A normal HTTP channel. Meaning that, if you are patient and crazy enough, you might be able to sniff the communication, rebuild any content or perhaps hijack the session. Oh yeah, you might as well just use The Middler, which saves a lot of your time though.
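The downgrade described above can be checked for from the site owner's side. The following is an added example, not part of the original post: it walks a recorded login flow and reports any hop that leaves HTTPS, plus any cookie set without the Secure attribute that would then travel in cleartext. The host, paths and cookie names are constructed, and cookie matching is simplified to exact host equality.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample of a recorded login flow: (request URL, Set-Cookie
# headers in the response). Host, paths and cookie names are made up.
SAMPLE_CHAIN = [
    ("https://www.example.test/secure/login", []),
    ("https://www.example.test/secure/login-submit",
     ["session_id=abc123; Path=/; HttpOnly", "csrf=9f1c; Path=/; Secure"]),
    ("http://www.example.test/home", ["lang=en; Path=/"]),
]


def audit_login_chain(chain):
    """Return (kind, detail) findings for an ordered chain of requests."""
    findings = []
    seen_https = False
    no_secure = {}  # cookie name -> host that set it without Secure
    for url, set_cookie_headers in chain:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "https":
            seen_https = True
        elif parts.scheme == "http":
            if seen_https:
                findings.append(("downgrade", url))
            # Cookies lacking Secure are attached to cleartext requests
            # for the same host, so a passive sniffer can read them.
            for name, origin in no_secure.items():
                if origin == host:
                    findings.append(("cookie_in_cleartext", name))
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if not morsel["secure"]:
                    no_secure[name] = host
                else:
                    no_secure.pop(name, None)
    return findings


if __name__ == "__main__":
    for kind, detail in audit_login_chain(SAMPLE_CHAIN):
        print(f"{kind}: {detail}")
```

Any finding here is fixed on the server: keep the whole authenticated session on HTTPS and set the Secure attribute on every session cookie.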

Thankfully, Jay Beale has yet to release the tool. When the moment comes, expect a couple of hundred poor victims to suffer from attacks with this tool. Maybe a couple of hundred is a little optimistic a number from me; maybe a couple of hundred or even thousands of people will download this tool once it's published :P

I guess those guys at Linkedin.com feel that the impact that The Middler will have on their users is not that severe at all.

That’s only my guess
