New versions of man-in-the-middle attacks can be countered by taking secure steps

By

Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks, according to Verisign.

Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks, according to Verisign.


The company has claimed that simple steps can be taken against MITM attacks, including looking for a green address bar, downloading the latest versions of browsers and using two-factor authentication.

A new challenge of the MITM attack was unveiled at the recent Black Hat conference, where a fraudulent server intercepts communications between a user's browser and a legitimate website, and then acts as a proxy, collecting sensitive information over HTTP (not HTTPS) between the browser and the fraudulent server.

This attack is different due to the fraudulent site attempting to leverage false visual cues, such as replacing the fraudulent site's favicon with a padlock icon. While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the green address bar, where the site is secured with an Extended Validation SSL Certificate.

Tim Callan, vice president of product marketing for VeriSign, said: "Though online criminals have been using low-authentication SSL Certificates in phishing and MITM types of attacks for years, the Black Hat presentation last week is a good reminder for end users to remain vigilant when transacting online.

"Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from websites to help ensure that users have a secure experience."

VeriSign suggested not offering logins on pages that are not already in an SSL session and not including links in emails to customers, and encouraging them to download the latest version of their favourite browsers.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?