Comment by icebraining
8 years ago
Clearly we have different concepts of "roughly equivalent" :) One means everyone on your network can trivially serve you trojanized binaries, the other doesn't.
8 years ago
Clearly we have different concepts of "roughly equivalent" :) One means everyone on your network can trivially serve you trojanized binaries, the other doesn't.
I think hacking a web server is a lot easier than hacking a network connection. Hacking web servers is well within the capabilities of your average vandal, while hacking network links in order to perform a MitM attack requires significant resources (e.g., those of a large criminal syndicate or an intelligence service, but I repeat myself).
Edited to add: ARP-spoofing the right LAN requires spearphishing and APT, which I think also require significant resources.
Sure, against a complete stranger the web server might be more vulnerable, but sometimes the attackers are already in our LANs :)
I was thinking more about employees, or students at universities, or such. I believe I've seen tools that ARP-spoof and then automatically detect downloads of ELF or PE files and trojanize them, all without requiring almost any knowledge from the attacker. I don't know if any of these tools detect Putty and fix its signature too, but it wouldn't be hard to do.