RE: [fw-wiz] Security of HTTPS

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 11/27/04

  • Next message: Kevin Sheldrake: "Re: [fw-wiz] Security of HTTPS"
    To: Servie Platon <servie_tech@yahoo.com>
    Date: Sat, 27 Nov 2004 10:04:22 -0500 (EST)
    
    

    On Fri, 26 Nov 2004, Servie Platon wrote:

    > 1. How does the cracker hone in to attack a preferred
    > network of choice? Do they just port scan the internet
    > and once it finds one would do the MITM and pose as a
    > legit web site?

    It's called a "Man in the middle" attack for a reason: the attacker must
    be in the "middle" of the traffic flow.

    >
    > 2. Do they pose as legit web sites to unsuspecting
    > users, or hiding in the guise of a famous web site but
    > in fact doing a MITM attack?

    That happens too; for instance, recently there's been a spate of Windows
    malware changing hosts file entries to get the site's traffic redirected
    to them, even if the user types the URL in their browser.

    > Most people nowadays make online transactions such
    > as buying, selling and other e-commerce type of thing.
    > After reading the whitepaper makes me think twice if
    > it is really safe using HTTPS despite the guarantees
    > being stated by such sites?

    It's as safe as anything else, that is to say the risks have been
    minimized to the extent it's possible to do so without being
    over-infringing, but it could be done in a better way if there weren't so
    many competing interests.

    > Any tips, suggestions, as well as explanations as to
    > how this is done and how to avoid such a thing from
    > occurring would mean a lot so that we could limit the
    > chances of being victimized in the future.

    Keep the integrity of your client systems strong, make sure your DNS is
    good, make sure your routers are secure, use good clients, and track
    transactions and audit them.

    Generally, there are enough weak Web servers that MITM attacks aren't
    worthwhile, other than the redirection stuff I mentioned earlier.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
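
A defender-side check for the hosts-file redirection mentioned in the message above, as an added example that is not part of the original post. The watched names, the sample file and the severity labels are constructed assumptions; point `audit_hosts` at the text of the real hosts file to use it.

```python
import ipaddress

# Constructed placeholders: names whose resolution must never be overridden locally.
WATCHED = {"bank.example", "shop.example"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample hosts file, not taken from any real system.
SAMPLE = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.tracker.example
10.0.0.5     intranet.corp.example   # internal wiki
203.0.113.7  www.bank.example bank.example
not-an-ip    junk.example
"""

def parse_hosts(text):
    """Yield (lineno, ip, names) for each well-formed, uncommented entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver ignores it too
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def is_watched(name, watched):
    return any(name == w or name.endswith("." + w) for w in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (lineno, severity, name, ip) for entries that need a look."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified  # blocklist-style entry
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if is_watched(name, watched):
                # Any local override of a watched name bypasses DNS entirely.
                findings.append((lineno, "high", name, str(ip)))
            elif not sink:
                findings.append((lineno, "review", name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```
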

