6

There was a man-in-the-middle attack on bitcointalk in Dec 2013.

News: If you used your password to log in between 06:00 Dec 1 UTC and 20:00 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it. If you were only logged in via the "remember me" feature, then you're OK.

How was this executed? Didn't bitcointalk use SSL? Are there technical details on the attack vector?

ripper234

3 Answers

3

The general description has been given before me. Here are technical details on the attack vector.

Assuming the following:

  • The attacker got a certificate that the client will accept, via poor cert validation or other means.
  • The attacker knows the IP address of the server, and is in a position on the network to do things like ARP spoofing.

Ettercap includes modules for ARP, DNS and DHCP "interventions", and supports direct SSL MITM.

Meterbuchus
-1

Sure. They just hacked their Cloudflare account, and set a different IP address for the domain bitcointalk. Therefore, every visitor was actually logging into a malicious form.

Maciej Mączko
-1

In cryptography and computer security, Man in the Middle is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

Bitcointalk uses SSL. How they got past it, I don't know.

  • 3
    Yeah, I know what Man in the Middle is. The question was about the specific details of this attack, especially SSL. – ripper234 Dec 03 '13 at 06:46