Google to kill man-in-the-middle attacks

Powered by SC Magazine
 

Chromium updates.

Google Chrome researchers have announced Chromium updates to tackle man-in-the-middle attacks, focusing on “mixed scripting” vulnerabilities.

These vulnerabilities occur when a page served over HTTPS loads a script, CSS or plug-in resource over HTTP.

“A man-in-the-middle attacker (such as someone on the same wireless network) can typically intercept the HTTP resource load and gain full access to the website loading the resource. It’s often as bad as if the web page hadn’t used HTTPS at all,” read a blog post from Chris Evans and Tom Sepez - members of the Google Chrome Security Team.

They announced blocking mixed scripting conditions by default would be trialled in the first Chromium 14 canary release, meaning it could appear in the Google Chrome browser in future releases.

An infobar showing when a script is being blocked will also be added.

“As a user, you can choose to reload the website without the block applied. Ideally, in the longer term, the infobar will not have the option for the user to bypass it,” the Google researchers said.

“Our experience shows that some subset of users will attempt to ‘click through’ even the scariest of warnings - despite the hazards that can follow.”

Tracking your identity

In another security play, Google introduced a new tool to help users monitor their identity on the internet.

Called ‘Me on the Web,’ the feature can be found within Google Dashboard beneath the account details link.

Me on the Web notes mentions of users’ names or email addresses in websites and news stories.

“Me on the Web also provides links to resources offering information on how to control what third-party information is posted about you on the web,” said Andreas Tuerk, Google product manager, in a blog post.

“These include common tips like reaching out to the webmaster of a site to ask for the content to be taken down, or publishing additional information on your own to help make less relevant websites appear farther down in search results.”

Copyright © ITPro, Dennis Publishing


Google to kill man-in-the-middle attacks
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 765

Vote