« Better Swatch What You Say | Main | Poisoning the Hamburger Helper »

Sep 11, 2011

Comments

Compromised certificates are a serious problem. As a result probably the CA system requires a thorough review, yet there are sufficient reasons to believe that the man in the middle attack is rather unlikely outside Iran. And also, there are several easy countermeasures providing some form of protection against MITM attacks.

Any challenge based response like CAPTCHA puts a heavy load on the MITM. Cell phones could be used to send text messages with validation codes, or security devices require the user to return a validation code. In all cases a MITM would not be able to do what a user could do.

Furthermore you may ask yourself where a MITM could be located, and whether it is likely that his presence would be unnoticed.

The user could be affected by phishing software (for which we protect ourselves), or the MITM could be a hacked server at your ISP (which I sort of exclude as a possibility in civilized countries), or the MITM could be a compromised public access point when you use wifi.

Any sort of alert by for instance the CertWatch add-on in firefox while you would try to browse to a secured website through a public access point would certainly trigger my attention. But how many users click such messages away, without asking what it means, and which risks are involved?

All good points. Thanks for the deeper dive on MITM attacks.

The comments to this entry are closed.