If this attack involves "simply sniffing TCP 445" why not just MITM the whole session?
The state of security is becoming an over-hyped sideshow of late where the most trivial attacks, which would work maybe 1% of the time in the wild, are getting mass exposure.
I have a 0day in RHEL 5, you simply need to log onto the machine as root and run this script...
"If this attack involves "simply sniffing TCP 445" why not just MITM the whole session?"
Because it doesn't. The attack involves using a bug in IE (an iframe will render cookie data from the local computer) with clickjacking to steal cookie information. Sniffing on port 445 is only mentioned in the context of figuring out the username of your target (by causing the target to connect to your SMB server, running on port 445).
I'd suggest you go back and re-read the whole page before making sweeping generalizations.
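The reply above notes that the only role of TCP 445 in the attack is a forced outbound SMB connection that leaks the victim's username. The defender's check that follows from that is to look for workstations opening SMB sessions to hosts outside the organisation. The script below is an added example, not code from the original thread; it assumes a simple constructed firewall log format (timestamp, action, protocol, src:port -> dst:port) and a hypothetical list of internal address ranges, and flags any connection to port 445 whose destination is outside those ranges.

```python
import ipaddress
import re

# Constructed sample firewall log lines (assumed format, not from the page).
# Destinations use RFC 5737 documentation ranges for the "external" hosts.
SAMPLE_LOG = """\
2009-06-01T10:12:01 ALLOW TCP 10.1.2.34:51234 -> 10.1.2.5:445
2009-06-01T10:12:07 ALLOW TCP 10.1.2.34:51240 -> 203.0.113.77:445
2009-06-01T10:12:09 ALLOW TCP 10.1.2.34:51241 -> 203.0.113.80:443
2009-06-01T10:13:15 ALLOW TCP 10.1.2.99:49222 -> 198.51.100.9:445
this line is not a firewall record and is skipped
"""

# Hypothetical internal ranges; a real deployment would use its own allocation.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(ip_str):
    """True if the address falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def find_smb_egress(log_text):
    """Return (src, dst) pairs for TCP connections to port 445 leaving the internal ranges.

    A workstation talking SMB to an external host is exactly the side channel
    the thread describes (the victim is made to connect to the attacker's
    SMB server), so each hit is worth an analyst's look.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "TCP" and rec["dport"] == 445 and not is_internal(rec["dst"]):
            hits.append((rec["src"], rec["dst"]))
    return hits


if __name__ == "__main__":
    for src, dst in find_smb_egress(SAMPLE_LOG):
        print(f"outbound SMB from {src} to external host {dst}")
```

Run as-is and it reports the two external SMB connections in the sample while ignoring the internal file-server session and the HTTPS connection. Blocking TCP 445 egress at the perimeter removes the leak entirely; the detector is for confirming that policy holds and for catching the attempts that it blocks.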