LINUX.ORG.RU
ФорумTalks

nokia aka man in the middle

 ,


0

1

http://gaurangkp.wordpress.com/2012/12/05/nokia-proxy/
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/

Ъ: отправляют хттпс траффик через свои прокси, подсовывают свой сертификат, который телефон молча принимает и т.д.

★★★★★

Последнее исправление: invy (всего исправлений: 2)

Читать столько текста на чёрном фоне это извращение. Можно пересказ?

Deleted
()

karl dubost on January 10, 2013 at 11:37 am said:

(Disclosure: Working for Opera Software)

About Opera **MINI** it is the way the browser is working. It’s by design. It’s called a proxy browser. The Opera mini software on your device is a thin client, with no rendering engine for traditional html, js, etc. The thin client on the device takes the URL and sends it to an Opera server proxy which as the really rendering engine. The proxy makes the requests to the server and then sends back an interactive image format OBML (Opera Binary Markup Language), which is compressed and saves a lot of bandwidth. One of the costs being a more reduced set of features, in particular for everything animated.

If you need a full browser on your device, you need to install Opera Mobile (not available on all devices), this will have rendering engine, etc, and will not go through Opera proxy servers.

All of that said Opera has been always crystal clear about Opera Mini and Opera Mobile. Check the web site.

Alan_Steel ★★
()
Ответ на: комментарий от Alan_Steel

Это точно 2013 год? Вроде это как раз и так всем понятно давно.

Deleted
()
Ответ на: комментарий от Alan_Steel

(Disclosure: Working for Opera Software)

Это по двум ссылкам из топика копипаста или это просто в тему? Если топик создан по этому поводу, то ТС дикий слоупок.

name_no ★★
()
Ответ на: комментарий от name_no

нет, там речь идёт о стандартном браузере ноклы на некоторых телефонах.

Conclusion

From the tests that were preformed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature. In short, be it HTTP or HTTPS site when browsed through the phone in subject, Nokia has complete information unencrypted (in clear text format) available to them for them to use or abuse. Up on checking privacy statement in Nokia’s website following can be found.

invy ★★★★★
() автор топика
Последнее исправление: invy (всего исправлений: 1)
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.