Tag: man-in-the-middle

  • VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

    Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is known for its regular updates, with its use of SMB for lateral movement particularly noteworthy. Symantec’s Director of Threat Research Andrew Brandt is one of many…

  • Hot FinSpy research completes VB2017 programme

    The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and CVE-2017-8759) this year shows that it is still active. Today, researchers from ESET have published new research which points to the spyware using a different infection method:…

  • Security products and HTTPS: let’s do it better

    It is one of the most hotly discussed topics in the security community: is it acceptable for a security product to intercept encrypted HTTP communication (HTTPS) to analyse its content? First, those who are against the practice point out that it breaks the end-to-end principle of HTTPS. This is obviously true, but misses an important…

  • VB2016 preview: Detecting Man-in-the-Middle Attacks With Canary Requests

    While man-in-the-middle attacks are relatively rare (especially among those not attending hacker conferences), it is quite common for computer users to be in a situation where an attacker could have an opportunity to take control of their network traffic. There are, of course, network mechanisms that seriously mitigate the risk, such as VPN or HTTPS,…

  • FREAK attack takes HTTPS connections back to 1990s security

    Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a ‘Hello’ message in which it announces which cipher suites it supports. The web server then chooses one, presumably the one that offers the…

  • Lenovo laptops pre-installed with software that adds its own root CA certificate

    Shared root certificate makes for easy man-in-the-middle attacks. What is Superfish? Superfish is a product that offers ‘Visual Search’. Say, for example, you are looking at cat photos on the Internet. Superfish inserts photos of similar cats into your browser, with links to places where you can buy them. Sounds like something that enhances…