Blog Posts Tagged with "Man-In-The-Middle"


Man-in-the-Middle Redux

November 05, 2012 Added by:Tripwire Inc

This attack used to be fairly innovative. But not so much anymore. Would-be attackers can buy the basic components “off the shelf” using ready-made toolkits like Ettercap, Mallory (I love the creative use of the classic MITM name), and dsniff. If you’d like a better look at how it works, this is a good video...

Comments  (0)


Does Two-Factor Authentication Need Fixing?

July 03, 2012 Added by:Nick Owen

Assuming that the anti-malware companies cannot keep malware off PCs, what can be done? Well, actually stronger authentication can be applied at certain points in the online banking process to reduce exposure. When people think of two-factor authentication, they typically mean session authentication...

Comments  (1)


ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)


VeriSign Hacked - But Why?

February 03, 2012 Added by:Plagiarist Paganini

The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...

Comments  (0)


SpyEye Trumps Mobile Banking SMS Security Systems

October 06, 2011 Added by:Headlines

"This latest SpyEye configuration demonstrates that out-of-band authentication systems, including SMS-based solutions, are not fool-proof... Using a combination of MITB technology and social engineering, fraudsters... fly under the radar of fraud detection systems..."

Comments  (0)


Should You Fear the BEAST?

September 29, 2011 Added by:f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...

Comments  (0)


Comodo: Iran Responsible for Rogue Digital Certificates

September 08, 2011 Added by:Headlines

"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."

Comments  (0)


Potentially Hundreds of Bogus Digital Certificates Issued

August 31, 2011 Added by:Headlines

"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."

Comments  (0)


Quiet Please - H4xing in Progress

August 10, 2011 Added by:David Martinez

I used this script from the BT5 How-To page, which grabs packets, redirects them through sslstrip, prints the info to my machine, and sends it to the end-user with a spoofed source. Within 30 minutes, I had at least 5 different passwords for FB, Twitter, G-mail, and others...

Comments  (0)


Allegations of MitM Hack of 2004 Presidential Ohio Election

July 28, 2011 Added by:Headlines

"The architecture further confirms how this election was stolen. The computer system and SmarTech had the correct placement, connectivity, and computer experts necessary to change the election in any manner desired by the controllers of the SmarTech computers..."

Comments  (0)


LinkedIn SSL Leaves Accounts Vulnerable to Hijacking

May 23, 2011 Added by:Headlines

"There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying the user information without the consent of the profile owner..."

Comments  (0)


The Problem with Two-Factor Authentication Solutions

May 15, 2011 Added by:Roman Yudkin

It's great news that more websites are strengthening online authentication. When one considers how much sensitive, personal information people share on the Web, relying on a single layer of password protection simply is not enough...

Comments  (7)


Sunspot Financial Malware Targeting Windows Systems

May 13, 2011 Added by:Headlines

"Sunspot was not originally developed as crimeware... We could be witnessing a sea change in malware development where general purpose and little know malware platforms are re-programmed to carry out financial fraud. This will make it even more difficult to defend against..."

Comments  (0)


SSL Issues: From Man-in-the-Middle Attacks to Hackers

April 16, 2011 Added by:Dan Dieterle

There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...

Comments  (0)


MITM Attack Exploits Windows IPv6 Protocols

April 06, 2011 Added by:Headlines

“All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running. If Microsoft didn't have that configuration by default, it would negate a lot of the effects of the attack..."

Comments  (0)


Man in the Middle (MITM) Attacks Explained

December 23, 2010 Added by:Stefan Fouant

MITM attacks come in many forms and essentially allow an attacker to act as a proxy between the victim and any host the victim has established connections with. It is a form of active eavesdropping in which the attacker is controlling the conversation unbeknownst to the victim...

Comments  (0)

Page « < 1 - 2 > »