How to help Prevent MITM attacks

Discussion in 'other security issues & news' started by CloneRanger, Sep 6, 2011.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    when doing online banking i like to run Chrome in Incognito Mode which auto-disables all extensions.

    IE9 has "InPrivate Browsing" which does the same.
    i'm sure Firefox has something similar.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I do :) pass it almost every day too ;)

    I understand your concerns about Extensions etc :thumb:

    Indeed it does :thumb:

    *

    So we're not really much closer to finding a Permanent solution/prevention/detection to MITM ! Apart from DNSSEC for both HTTP & HTTPS, & CalomelSSLValidation for eg for HTTPS.
     
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    aren't Trusteer Rapport and Quaresso Protect on Q/MyProtect supposed to protect against things (MITM) like these?
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Your best bet is to choose a secure DNS and to use secure firmware on your router and set it up securely. I only allow https when changing settings in my router and I have a very complex password/ username. I use Google DNS, which I trust not to be hacked. I don't think my ISP will be hacked and if it were I'd have a HELL of a lot more to worry about than MITM.

    Honestly, that's your best bet. I'm hearing mixed things from friends about IP requests.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    me:
    him:
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    ?

    I can't say for sure, as it's a while since i tested TR, & haven't the others. But Prevx is definitely "supposed" to, according to PrevxHelp :)

    Now i see the confusion some have over my MITM meaning. I'm not that interested in malware etc MITM for the purposes of these discussions, i'm Much more interested in people being able to prevent/detect MITM from for eg the MIB, aka Men In Black ;)

    Some might trust Google not to get hacked, but i wouldn't trust Google with their well known connections, & literally "Connections" at that :eek:
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    If you can't trust the site you're on there's literally no defense.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Knock knock Joe... :blink: :D
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I can't speak for Prevx, but the WSA BETA has a setting for MITM attacks in the Identity Shield.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I assume they're only referring to specific types of MITM attacks.

    It's kind of like saying that something protects you from "robbery" but that could mean a lot of things.

    Protecting the user from DNS poisoning would likely be different from protecting them from a controlled network.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    From SafeOnline help:
    Prevx cross-references the DNS entries from visited websites to automatically detect man-in-the-middle attacks. By using our centralized database, we can automatically build a clear picture of valid resolutions for a particular website and act accordingly when a website is found that is trying to portray itself as a legitimate website.

    Other techniques like LSP chain modification and HOSTs file modifications are also automatically detected by Prevx and removed/avoided if necessary. Additionally, Prevx identifies any active proxy on the system to determine if traffic may be redirected or diverted to a different destination than the intended website.
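
    The two checks the help text describes (HOSTS file overrides and resolutions that differ from a reference set), sketched as an added example; this is not Prevx's code and not part of the original post. The hosts content, the `KNOWN_GOOD` table standing in for the "centralized database", and all names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample data: a hosts file as it might look after tampering,
# and a reference table standing in for the "centralized database" of
# valid resolutions. Names and addresses use documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 203.0.113.9 bank.example   (commented out, ignored)
198.51.100.66  bank.example www.bank.example
::1  localhost
"""
KNOWN_GOOD = {
    "bank.example": {"192.0.2.10", "192.0.2.11"},
    "www.bank.example": {"192.0.2.10"},
    "mail.example": {"192.0.2.25"},
}

def parse_hosts(text):
    """Return {hostname: address} for every valid entry, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address, not a usable override
        for name in fields[1:]:
            # First entry for a name wins, as it does for the resolver.
            entries.setdefault(name.lower().rstrip("."), addr)
    return entries

def audit(hosts_text, observed, known_good):
    """Flag watched names overridden in hosts or resolving outside the reference set."""
    findings = []
    overrides = parse_hosts(hosts_text)
    for name, good in sorted(known_good.items()):
        if name in overrides:
            findings.append((name, "hosts-override", overrides[name]))
        for addr in sorted(set(observed.get(name, ())) - good):
            findings.append((name, "unexpected-resolution", addr))
    return findings

if __name__ == "__main__":
    # Constructed resolver answers; in practice these would come from socket.getaddrinfo().
    observed = {"bank.example": ["198.51.100.66"], "mail.example": ["192.0.2.25"]}
    for finding in audit(SAMPLE_HOSTS, observed, KNOWN_GOOD):
        print(finding)
```

    Sites served from CDNs return many rotating addresses, so a reference set built from a single vantage point will produce false positives; that is why the help text describes a centrally aggregated database.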
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    So, basically, they can prevent a specific type (DNS) of MITM attack or attacks that take place on the host.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Can you post a screenie of it :)

    @ BoerenkoolMetWorst

    Thanks for the SafeOnline help explanation :thumb:

    Just remembered this Interesting thread :eek: Law Enforcement Appliance Subverts SSL https://www.wilderssecurity.com/showthread.php?t=268422

    What can/could alert us to something like that ?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Like I said, outside of monitoring your network traffic I don't think you can do anything.
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Maybe steganographically hide keys inside each packet's different layers, missing or invalid keys would highlight a problem.
     
  16. tlu

    tlu Guest

    I agree. Perspectives has been available for quite a while and it's very useful. The academic paper available on http://perspectives-project.org/ offers a lot of background info - worth reading. DNSSEC Validator is very good, but since most sites don't use DNSSEC yet it doesn't help much right now.
     