Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks.
Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site that the attacker controls. Public-key pinning helps prevent those attacks by binding a set of public keys issued by a trusted certificate authority to a specific domain. With that defense in place, if the user visits the site and is presented with a key that’s not part of the pinned set, the browser will reject the secure connection.Read more
There are details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today.Read more
Hackers know how to hack a bank account with the help of MITM. About 23% percent of applications, based on Android by means of which people use banking services were hacked. Everything is a bit better with iOS, there are only 14 percent of apps.
According to the research, hackers use such attack as Man-in-the-Middle in order to steal money. Theft happens during the information transfer from the sender to the recipient. A client will be redirected to fake Wi-Fi knot. Everything will happen very quickly and unexpectedly. To achieve their insidious purposes, hackers set network equipment and create their own Wi-Fi. The difference in wireless network does not matter for you.Read more
The goal of most attackers, regardless of how they go about their business, is to steal user data. That could be in small, discrete attacks on individual users or it could be in large-scale compromises of popular Web sites or financial databases. The methods may change, but the aim is the same.
In most cases, attackers first try to get some sort of malware onto user machines, as that’s the shortest route between them and your data. But if that isn’t feasible for some reason, another popular method of compromise is the man-in-the-middle attack. As the name suggests, this attack vector involves the attacker placing himself – or his malicious tools – between the victim and a valuable resource.Read more