Posted by: Troy Tate
administration, awareness, blog, Browsers, CA, certificate authority, design, forensics, howto, intellectual property, malware, man-in-the-middle, MITM, network analysis, Networking, online identity, reporting, risk, Security, SSL, vulnerability, web, website, WWW
Well, I am not the best speller and I know that is true for most people. I have recently discovered how this human weakness can get you into trouble and cause identity loss as well as potential financial loss.
This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed https://www.mybnak.com/myaccount into your browser. The actual address should be https://www.mybank.com/myaccount. This is just a simple typographical error right? Hmmmmm… maybe not!
Consider if an attacker purchased the domain name mybnak.com. They then were able to get an SSL certificate or create a self-signed one that to an uneducated user looked ok. Have you ever seen a message like the following?
How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.
This looks like the following picture:
This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!
Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:
But, on the other side of this argument consider this story about how a MITM attack saved Columbian hostages.
The internet is not a place to be ignorant about your surroundings. Users must be vigilent and savvy about its use. Maybe there should be internet driver testing and licences?
Thanks for your time. Let’s be good network citizens together & practice safe networking!