Articles about mitm

Use SDN to smash tier one 'oligarchy', hacker says

AusCERT IIX security bod David Jorm is urging users and organisations to adopt software-defined networking (SDN) to break up the 'tier one networking oligarchy'. The former Red Hat security bod said SDN establishes peer-to-peer interconnects without the expense and complexity of traditional models, using projects including …
Darren Pauli, 9 Jun 2015

Microsoft scrambles to kill Live.fi man-in-the-middle diddle

Microsoft is firing off updates to kill a fake certificate that can be used to create a convincing man-in-the-middle attack against its Live services. Certificate Authority Comodo has killed the bad cert, which it issued, and now Redmond is following suit by updating its revocation list for Windows platforms. "Microsoft is …
Darren Pauli, 17 Mar 2015

Mozilla mulls Superfish torpedo

Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops. The move will be another blow against Superfish, which is under a sustained barrage of criticism for its use of a root certificate to launch man-in-the-middle attacks …
Darren Pauli, 23 Feb 2015

Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Lenovo is attempting to defuse controversy over its pre-installed Superfish crapware – which appears to have run man-in-the-middle attacks against consumers in order to sling ads – by saying it has discontinued use of the visual-recognition technology on new laptops and promising to review outstanding concerns. Superfish …
John Leyden, 19 Feb 2015
Virgin America plane in flight

GoGo in-flight WiFi creates man-in-the-middle diddle

In-flight wifi service GoGo, once accused of facilitating excessive interception access for US law enforcement, has now been spotted using fake Google SSL certificates to spy on net traffic and prevent passengers from accessing video streaming services. Google engineer Adrienne Porter Felt (@__apf__) noticed the fake SSL …
Darren Pauli, 6 Jan 2015
Hacker image

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets

Hackers are running “Man-in-the-Middle” attacks (MitM) against smartphones using a new attack technique, security researchers warn. The so-called DoubleDirect technique enables an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads …
John Leyden, 21 Nov 2014

Microsoft, eBay apps open to man-in-the-middle diddle

At least 350 Android apps are open to man-in-the-middle MITM attacks, thanks to code that fails to validate certificates over secure sockets layer (SSL), says US Computer Emergency Response (CERT) security pro Will Dormann. The apps can be found in the Google Play and Amazon stores and have been included in a continually …
Darren Pauli, 5 Sep 2014
linkedin logo

LinkedIn ignored SIX WARNINGS about account-hijacking bug

LinkedIn accounts can be hijacked through simple man in the middle (MITM) attacks due to a failure to promptly fix a SSL stripping vulnerability . The flaw described ambitiously as a zero-day vulnerability allowed attackers to gain full control of a user's account after they had logged in via SSL. Attackers could jump between …
Darren Pauli, 20 Jun 2014
Mobile phone stolen by pickpocket

Thought mobe banking apps were safe from nasties? THINK AGAIN

Fake SSL certificates in the wild for Facebook, Google and Apple's iTunes store create a grave risk of fraud for people who bank online using their smartphones. Analysis outfit Netcraft said it has found "dozens” of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. The counterfeit …
John Leyden, 14 Feb 2014

Mystery traffic redirection attack pulls net traffic through Belarus, Iceland

Tons of internet traffic is being deliberately diverted through locations including Belarus and Iceland, and intercepted by crooks or worse, security experts fear. Network intelligence firm Renesys warns that victims including financial institutions, VoIP providers, and governments have been targeted by the man-in-the-middle …
John Leyden, 22 Nov 2013
The Register breaking news

T-Mobile patches Wi-Fi eavesdrop vuln

Last week, T-Mobile scrambled to patch a vulnerability uncovered by two University of California Berkeley students that made its Wi-Fi calling feature susceptible to man-in-the-middle attacks. At issue in the students' research, published in full here (PDF), is the certificate implementation used in the feature. The now- …
The Register breaking news

Attack hijacks sensitive data using newer Windows features

Security researchers have outlined a way to hijack huge amounts of confidential network traffic by exploiting default behavior in Microsoft's Windows operating system. The MITM, or man-in-the-middle, attacks described on Monday take advantage of features added to recent versions of Windows that make it easy for computers to …
Dan Goodin, 4 Apr 2011
The Register breaking news

CA issues no-questions asked Mozilla cert

Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks. MITMs involve a hacker planting himself between two parties in a dialogue, relaying messages between them and effectively controlling the …
John Leyden, 29 Dec 2008

Create a news alert about mitm, or find more stories about mitm.

Biting the hand that feeds IT © 1998–2017