Man-in-the-Middle Attack Kit

Hot on the heels of the $15 WebAttacker malware kit comes an RSA report of a do-it-yourself Man-in-the-Middle kit. This is a scary evolution of phishing: by proxying the connection between the client (victim) and the real server (e.g. their bank), the MitM can accurately indicate a failed login to the victim (making it harder to detect a phish) and, worse, it can defeat most two-factor authentication systems, such as PayPal’s “new” security key.

This is a good argument for higher assurance levels on browsers and SSL certificates (which, assuming we trust the CA’s validation method, would reduce but not eliminate phishing), and for well-designed mutual authentication systems.
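The following is an added example, not part of the original post: a small Python model of why a one-time code typed into a proxying site still verifies at the real server, while a response that the client binds to the origin it is actually connected to does not. The origins, the shared-key setup and the simplified HOTP-like code are constructed for illustration, and origin binding is assumed here as one way to build the mutual authentication mentioned above.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://bank.example"             # constructed
LOOKALIKE_ORIGIN = "https://bank-login.example"  # constructed

def otp_code(key: bytes, counter: int) -> str:
    """Simplified counter-based one-time code (HOTP-like, not RFC 4226)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def server_check_otp(key: bytes, counter: int, code: str) -> bool:
    # The code says nothing about which site the user typed it into.
    return hmac.compare_digest(otp_code(key, counter), code)

def bound_response(key: bytes, challenge: bytes, origin_seen: str) -> bytes:
    """Client side: MAC over the challenge AND the origin the client sees.
    Real deployments would use asymmetric keys; a shared key keeps this short."""
    msg = challenge + b"|" + origin_seen.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_check_bound(key: bytes, challenge: bytes, response: bytes) -> bool:
    # The server only accepts responses computed for its own origin.
    expected = bound_response(key, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, response)

def login_outcomes(origin_user_is_on: str) -> dict:
    """Does each scheme's response verify at the real server when the user
    is on `origin_user_is_on` and the response reaches the server unchanged?"""
    key = secrets.token_bytes(32)        # enrolled secret (constructed)
    challenge = secrets.token_bytes(16)  # fresh server challenge
    code = otp_code(key, counter=1)
    response = bound_response(key, challenge, origin_user_is_on)
    return {
        "otp_accepted": server_check_otp(key, 1, code),
        "origin_bound_accepted": server_check_bound(key, challenge, response),
    }

if __name__ == "__main__":
    for origin in (REAL_ORIGIN, LOOKALIKE_ORIGIN):
        print(origin, login_outcomes(origin))
```

The second factor only helps against a proxy when the value it produces depends on which server the client believes it is talking to.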


Comments

Comment from adaswani
Time: 2007-01-12, 13:40

It's common to have software that scans email content for blacklisted URLs (the MitM URLs in this case) – I just wonder, rather than having to continuously maintain and track such URL lists, wouldn't it be better to instead have a central site – a gateway into a secure Internet, if you will, and all legitimate URLs are linked off that? Entry to the secure gateway is permitted after offline verification mechanisms. So all content scanning systems no longer need to manage blacklisted URLs, just instead scan for the legitimate security gateway.
