Search the Community
Showing results for tags 'mitm attacks'.
Found 2 results
steven36 posted a topic in Security & Privacy NewsStarting with version 66, Firefox will let you know when antivirus products, malware, or your ISP are tapping into your HTTPs traffic. The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic. The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March. The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox." An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens. The most common situation where this error message may appear is when users are running local software, such as antivirus products or web-dev tools that replace legitimate website TLS certificates with their own in order to scan for malware inside HTTPS traffic or to debug encrypted traffic. Another scenario, also quite common, is when a user's computer gets infected with malware that attempts to intercept HTTPS traffic by installing untrusted certificates. A third scenario would be when an ISP or a malicious user on the same network is also hijacking the user's internet traffic, and replacing certificates in order to spy on the user's HTTPS traffic. The new MitM error page aims to serve as an early warning sign that something is wrong and that a deeper investigation may be needed. This Mozilla support page comes with various recommendations for each situation and how to configure various antivirus products. The MitM detection feature was initially scheduled to be released with Firefox 65. Its release was delayed after the MitM error page needed more fine-tuning to avoid false positives. Firefox is the second browser to add a MitM error page. The first was Google Chrome, which received support for showing MitM errors in version 63, released in December 2017. Source
steven36 posted a topic in Security & Privacy NewsBut there's been no evidence that the vulnerability has been exploited Bluetooth flaw exposes kit from Apple, Intel, Qualcomm and more to MITM attacks SECURITY BOFFINS have discovered a vulnerability in Bluetooth that allows attackers to potentially intercept communications between paired devices. The flaw, known as CVE-2018-5383, was unveiled by Lior Neumann and Eli Biham, cybersecurity researchers from the Israel Institute of Technology, who note that two Bluetooth features - Secure Simple Pairing and LE Secure Connections - are affected. The issue stems from the fact that the Bluetooth specification recommends, but does not require, that a device supporting Secure Simple Pairing or LE Secure Connections validate the public key received over the air when pairing with a new device. "In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic," Bluetooth SIG said in its advisory. "For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure," the outfit added. "The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful." A whole host of devices are affected, and Apple, Broadcom, Qualcomm Intel are among those who have already pushed out fixes. According to Microsoft, its devices remain unaffected. Bluetooth SIG said that it has now updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures, adding that there is no evidence of the flaw being exploited. "There is no evidence that the vulnerability has been exploited maliciously and the Bluetooth SIG is not aware of any devices implementing the attack having been developed, including by the researchers who identified the vulnerability," it said. Source