some more info on recent pwning of security persons

Just moments ago I posted some headlines from the Black Hat/Defcon week/weekend. Marcin just linked me over to a story with more info on the recent attacks on some security researchers/persons (Shimel, pdp were the two I mentioned). I’m still wondering if they accidentally checked their accounts or had their systems pwned at Black Hat. However, they could also easily fall prey to an email sent to a web mail account that drops them elsewhere and steals their logins if cached…

My eye caught this snippet from the story:

Whoever broke into Petkov’s account was able to archive an entire email spool into an mbox file. Without knowing his password, the attackers most likely would have had to archive all 2GB message by message.

The last part is simply not true. Jay Beale gave a talk at Defcon about a new tool he and a coworker (I missed his name, Justin I think) have developed that will reroute traffic on the network to his machine and then start messing with the HTTP packets to do all sorts of evil things like, oh, harvest all emails from a web-based mail account. The tool is called The Middler, and should soon be available. Here is the presentation, which he didn’t come close to finishing in the 50-minute talk.
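The exposure described above only works if the webmail session travels where an on-path tool can read it: a cleartext HTTP request carrying the session cookie, or a session cookie issued without the Secure attribute so the browser will send it over plain HTTP. As an added example (not code from the original post and unrelated to The Middler's own code), here is a small defensive check over constructed sample traffic: it flags cleartext requests that carry a Cookie header and Set-Cookie headers that lack Secure. The host names, cookie names and header values are constructed sample data, not real captures.

```python
"""Added defensive check, not from the original post. Flags the two
conditions that let an on-path HTTP tamperer read a webmail session:
cleartext requests carrying cookies, and cookies set without Secure."""
from typing import Dict, List, Tuple

# Constructed sample requests: (scheme, host, path, request headers).
SAMPLE_REQUESTS: List[Tuple[str, str, str, Dict[str, str]]] = [
    ("http", "mail.example.com", "/inbox", {"Cookie": "SESSID=abc123"}),
    ("https", "mail.example.com", "/inbox", {"Cookie": "SESSID=abc123"}),
    ("http", "www.example.com", "/news", {}),
]

# Constructed sample response headers: (host, header name, header value).
SAMPLE_RESPONSE_HEADERS: List[Tuple[str, str, str]] = [
    ("mail.example.com", "Set-Cookie", "SESSID=abc123; Path=/; HttpOnly"),
    ("mail.example.com", "Set-Cookie", "PREF=lang=en; Path=/; Secure; HttpOnly"),
    ("mail.example.com", "Content-Type", "text/html"),
]


def cleartext_sessions(requests):
    """Return (host, path) for every plain-HTTP request that carries a Cookie.

    A session cookie sent over http:// is readable and replayable by anyone
    who can reroute the LAN traffic through their own machine.
    """
    hits = []
    for scheme, host, path, headers in requests:
        if scheme.lower() == "http" and "Cookie" in headers:
            hits.append((host, path))
    return hits


def insecure_set_cookies(response_headers):
    """Return (host, cookie name) for Set-Cookie headers missing Secure.

    Without Secure the browser will also send the cookie on any http://
    request for the host, so a downgraded or injected plain-HTTP request
    is enough to expose it.
    """
    hits = []
    for host, name, value in response_headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            hits.append((host, cookie_name))
    return hits


if __name__ == "__main__":
    print("cleartext sessions:", cleartext_sessions(SAMPLE_REQUESTS))
    print("cookies without Secure:", insecure_set_cookies(SAMPLE_RESPONSE_HEADERS))
```

Run against real data, the request list would come from a proxy or packet capture of your own webmail traffic and the response headers from the provider's login and inbox responses; any hit means the session is exposed to the kind of on-path harvesting described in the talk, and the fix is on the provider's side (HTTPS throughout, Secure on the session cookie), not in the browser.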