Certs again

Once again a major CA (Symantec) has been ‘caught’ issuing certificates improperly. There is a great write up on Ars Technica. This is really significant as falsly issued CA certificates are one (of many) way to MITM SSL.

This underlies the extreme difficulty in securing anything in IT. There are simply too many ‘moving parts’ and people in involved in securing anything. Your computers security depends on thousands of people and companies all doing everything correctly all of the time, and simple law of averages suggests this is unlikely to ever happen!

Kaspersky

Ouch - Kaspersky have been enabling MITM attacks on their customer base. The Register citig a Chrome bug report explains how you can use this to trick consumers in thinking a site is valid/safe when it is not.

This underlines the ease of MITM SSL/TLS - see my previous article for all the different ways this can be done!

Man in the middle is easier than you think

I’m often heard saying it’s quite easy to MITM HTTPS (also called SSL/TLS) and decided that maybe I should list all the methods I know of (there are quite a few).

The attacker has many options to try and get in the middle between the user and web server/API

• Pure Technical Approaches
  • Zero Day Vulnerabilities in browsers
  • TLS/SSL Breaks
  • Incorrectly Issued Trusted Certificate
  • Aquire vendor issued ’trusted’ certificate
• Social Engineering Approaches
  • Convince user to install MITM certificate
  • Convince user to install software
  • Malicious Browser Extensions
• Conclusion

Pure Technical Approaches

The pure technical approaches rely on attacks that don’t require users to make any mistakes and anyone can be vulnerable.