man-in-the-middle

Oct 27 2008   8:52PM GMT

Did you see this? - (Wire)Sharkfest 2008 videos - including Vint Cerf - now available

Posted by: Troy Tate
Networking, forensics, Security, tools, Microsoft Windows, Linux, Monitoring, web, reporting, Google, internet, IT education, WAN, LAN, performance monitoring, troubleshooting, Performance, Network TAPs, howto, network analysis, Metrics, wireshark, packet capture, research, education, toolkit, man-in-the-middle, analysis

Checkout the Sharkfest 2008 videos at LoveMyTool.com. If you use Wireshark or want to learn network troubleshooting, this is one of the best resources you can have in your toolkit. The videos will give you a better understanding of this tool and other tools out there.

There is even a video of Dr. Vinton G. Cerf, vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company. Widely known as a “Father of the Internet,” Vint is the co-designer with Robert Kahn of TCP/IP protocols and basic architecture of the Internet.

Have a great day and thanks for stopping by!

Sep 19 2008   12:53PM GMT

Did you see this? - Encyclopedia of internal network security threats

Posted by: Troy Tate
Networking, forensics, Security, tools, Microsoft Windows, Monitoring, Browsers, web, reporting, WWW, antivirus, homeland security, Data security, malware, Policy, design, Firefox, Microsoft, website, troubleshooting, honeypot, botnet, risk, research, awareness, vulnerability, man-in-the-middle

Promisec has released an online encyclopedia of internal network security threats. This is available online for free. There is a lot of information to look through and decide how the risks affect your organization.

Take for example the entry describing GoogleTalk. The site rates it as one of the top 5 internal threats.

The more we know about these risks the better prepared we can be. Thanks for your time. Let’s be good network citizens together & practice safe networking!

Aug 22 2008   8:02PM GMT

Poor Spelling = Identity Lost

Posted by: Troy Tate
administration, Networking, forensics, Security, Browsers, web, reporting, WWW, intellectual property, CA, certificate authority, malware, SSL, design, website, howto, network analysis, online identity, risk, awareness, blog, vulnerability, MITM, man-in-the-middle

Well, I am not the best speller and I know that is true for most people. I have recently discovered how this human weakness can get you into trouble and cause identity loss as well as potential financial loss.

This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed https://www.mybnak.com/myaccount into your browser. The actual address should be https://www.mybank.com/myaccount. This is just a simple typographical error right? Hmmmmm… maybe not!

Consider if an attacker purchased the domain name mybnak.com. They then were able to get an SSL certificate or create a self-signed one that to an uneducated user looked ok. Have you ever seen a message like the following?

How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.

This looks like the following picture:

This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!

Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:

Mozilla SSL Policy Considered Bad for the Web

SSL VPN might not be as secure as you think

Black Hat 2008 Aftermath

But, on the other side of this argument consider this story about how a MITM attack saved Columbian hostages.

The internet is not a place to be ignorant about your surroundings. Users must be vigilent and savvy about its use. Maybe there should be internet driver testing and licences?

Thanks for your time. Let’s be good network citizens together & practice safe networking!