SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#mitm
27 Jun 2017

Password Reset MITM: Exposing the need for better security choices

Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications.

The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process.

Read more
Tags:
information leaks Google MITM
Source:
Help Net Security
2635
29 Aug 2016

HTTPS and OpenVPN face new attack that can decrypt secret cookies

Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites.

The attack isn't particularly easy to carry out because it requires an attacker to have the ability to monitor traffic passing between the end user and one of the vulnerable websites and to also control JavaScript on a webpage loaded by the user's browser. The latter must be done either by actively manipulating an HTTP response on the wire or by hosting a malicious website that the user is tricked into visiting.

Read more
Tags:
information leaks MITM
Source:
Ars Technica
2304
17 Aug 2016

FalseCONNECT sends vendors scrambling to patch proxy MITM bug

For the many people that dislike corporate proxies, this probably won't be much of a surprise: a bunch of environments are vulnerable to man-in-the-middle attacks. “FalseCONNECT” is a combination of protocol bug and implementation error – which means it affects end users via operating systems, as well as network devices.

The problem is in how two Web protocols interact. If an attacker can see users' requests to connect, they can replace the proxy's OK message with “407 Proxy Authentication Required” message – and grab the victim's credentials. This is a potent attack, because the user's browser can then go ahead and establish their “trusted” connection via the proxy.

Read more
Tags:
information leaks MITM
Source:
The Register
1711
13 Jul 2016

Millions of Xiaomi phones at risk of remotely installed malware

Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system.

Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.

Read more
Tags:
Xiaomi information leaks MITM
Source:
ZDNet
1873
14 Mar 2016

Samsung PC, laptop owners urged to download fix to MitM attack

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop.

The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16” designed keep Samsung laptop users’ drivers and software up to date. “This vulnerability could be considered as a medium or low threat to most Samsung laptop users,” said Joaquín Varela, senior security researcher from Core Security CoreLabs Team, who discovered the Samsung vulnerability.

Read more
Tags:
MITM information leaks Samsung
Source:
Threatpost
2257
3 Jul 2015

Significant vulnerability found in LG phones

Android LG phones have a security vulnerability in the Update Center application which comes pre-installed on most LG phones. Researchers have discovered a vulnerability that exists on most LG phones which can potentially allow an attacker to replace an application with a malicious file that could lead to potentially disastrous consequences.

LG pre-installs custom applications on its phones which are otherwise not available for download on Google’s Play Store. Since they’re pre-loaded onto the phones, the devices contain a separate update method that fundamentally relies on a connection to a LG server.

Read more
Tags:
LG information leaks MITM
Source:
LIFARS
1987
9 Jun 2015

Urban surveillance camera systems lacking security

Local governments and law enforcement are becoming increasingly more reliant on networked surveillance cameras in order to monitor densely populated urban areas.

London is a notorious example of urban surveillance, where there is reportedly one camera for every 11 residents. Not surprisingly, many of these cameras, in London and elsewhere, are networked wirelessly into the Internet so they can be remotely monitored by law enforcement. Many of these wireless connections are not secure. As a result, though they are intended to combat crime, criminals.

Read more
Tags:
surveillance MITM
Source:
Kaspersky Daily
2294
21 May 2015

Logjam attack exposes data passed over TLS connections

Scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed – notably, they discovered an attack that could enable the reading and modifying of data passed over TLS connections.

The attack can be used by a MITM attacker to downgrade TLS connections to 512-bit export-grade cryptography that is weaker and easier to crack, thus enabling the reading and modifying of data. The attack is similar to the FREAK attack, except it attacks Diffie-Hellman key exchange as opposed to RSA key exchange, and is the result of a flaw in TLS protocol.

Read more
Tags:
Logjam TLS information leaks MITM HTTPS
Source:
SC Magazine
2540
23 Jan 2015

Malware could steal data from iPhones using Siri

A pair of computer scientists based in Europe have found a security vulnerability in the iPhone 5 series of smartphones that could be exploited by malicious software and compromise a user’s personal information.

The security flaw relies on steganography—the practice of hiding a message within another message. It’s related to cryptography, but whereas cryptography is the concealment of a message’s contents, steganography hides the fact that a secret message is being sent at all. Classic examples include embedding a message in a digital photo. But the computer scientists involved in the iPhone exploit have also found ways to hide messages using the network protocols.

Read more
Tags:
Apple iOS MITM information leaks
Source:
IEEE Spectrum
2185
22 Jan 2015

China reportedly attacks Microsoft users

China mounted a cyberattack on users of Microsoft's Outlook email service, with the apparent goal of spying on their communications. People within China using email clients to connect to their Outlook, Hotmail or Live accounts were subjected to a "man-in-the-middle" attack in which the attacker tried to hijack what's normally a secure, encrypted connection.

The activist group believes this is the latest attempt by China to intercept and spy on communications that it can't easily monitor. Some users reported the attack when they saw error messages using email clients connecting to Outlook's servers via IMAP and SMTP, protocols used to send and receive emails.

Read more
Tags:
hackers China MITM Microsoft
Source:
Mashable
2133
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015