New versions of man-in-the-middle attacks can be countered by taking secure steps

By

Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks, according to Verisign.

Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks, according to Verisign.


The company has claimed that simple steps can be taken against MITM attacks, including looking for a green address bar, downloading the latest versions of browsers and using two-factor authentication.

A new challenge of the MITM attack was unveiled at the recent Black Hat conference, where a fraudulent server intercepts communications between a user's browser and a legitimate website, and then acts as a proxy, collecting sensitive information over HTTP (not HTTPS) between the browser and the fraudulent server.

This attack is different due to the fraudulent site attempting to leverage false visual cues, such as replacing the fraudulent site's favicon with a padlock icon. While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the green address bar, where the site is secured with an Extended Validation SSL Certificate.

Tim Callan, vice president of product marketing for VeriSign, said: "Though online criminals have been using low-authentication SSL Certificates in phishing and MITM types of attacks for years, the Black Hat presentation last week is a good reminder for end users to remain vigilant when transacting online.

"Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from websites to help ensure that users have a secure experience."

VeriSign suggested not offering logins on pages that are not already in an SSL session and not including links in emails to customers, and encouraging them to download the latest version of their favourite browsers.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?