This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

New versions of man-in-the-middle attacks can be countered by taking secure steps

Share this article:

Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks.

 

VeriSign has claimed that simple steps can be taken against MITM attacks, including looking for a green address bar, downloading the latest versions of browsers and using two-factor authentication.

 

A new challenge of the MITM attack was unveiled at the recent Black Hat conference, where a fraudulent server intercepts communications between a user's browser and a legitimate website, and then acts as a proxy, collecting sensitive information over HTTP (not HTTPS) between the browser and the fraudulent server.

 

This attack is different due to the fraudulent site attempting to leverage false visual cues, such as replacing the fraudulent site's favicon with a padlock icon. While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the green address bar, where the site is secured with an Extended Validation SSL Certificate.

 

Tim Callan, vice president of product marketing for VeriSign, said: “Though online criminals have been using low-authentication SSL Certificates in phishing and MITM types of attacks for years, the Black Hat presentation last week is a good reminder for end users to remain vigilant when transacting online.

 

“Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from websites to help ensure that users have a secure experience.”

 

VeriSign suggested not offering logins on pages that are not already in an SSL session and not including links in emails to customers, and encouraging them to download the latest version of their favourite browsers.

 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...