Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks.
VeriSign has claimed that simple steps can be taken against MITM attacks, including looking for a green address bar, downloading the latest versions of browsers and using two-factor authentication.
A new challenge of the MITM attack was unveiled at the recent Black Hat conference, where a fraudulent server intercepts communications between a user's browser and a legitimate website, and then acts as a proxy, collecting sensitive information over HTTP (not HTTPS) between the browser and the fraudulent server.
This attack is different due to the fraudulent site attempting to leverage false visual cues, such as replacing the fraudulent site's favicon with a padlock icon. While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the green address bar, where the site is secured with an Extended Validation SSL Certificate.
Tim Callan, vice president of product marketing for VeriSign, said: “Though online criminals have been using low-authentication SSL Certificates in phishing and MITM types of attacks for years, the Black Hat presentation last week is a good reminder for end users to remain vigilant when transacting online.
“Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from websites to help ensure that users have a secure experience.”
VeriSign suggested not offering logins on pages that are not already in an SSL session and not including links in emails to customers, and encouraging them to download the latest version of their favourite browsers.