Discussion in 'Prevx Releases' started by Konata Izumi, Jun 10, 2010.
How will Prevx SafeOnline alert me if MITM occurs?
Can somebody post a screenshot? :<
Not sure because I have never experienced one! But I do think that the Browser Window will go Black with a Warning Window in the middle of the screen! But Joe will let us know for sure!
Yes, this is correct. The warning covers the full browser window and will prevent the page from loading until it is acknowledged by the user.
I don't have a screenshot on hand but can infect myself if there is a desire to see the warning.
The warning window, is it going to tell me that it was MITM?
Or would it simply say that the page I'm trying to access is blocked because of something malicious?
Thanks for asking. I have a related thread here which you might be interested in: MITM Attacks and Prevx/SOL http://www.wilderssecurity.com/showthread.php?t=270119
As it already does? As described above by KI, which I've seen a few times. You never mentioned this happening in my thread? Would have made a big difference if you had.
If it's different to the above it would be nice to see. The total blackout effect certainly gets our attention, no missing that, no excuses.
I'd certainly want to see a blocked MITM.
How will Prevx alert if another computer in the network is compromised causing a MITM?
Is it possible to get the correct address for the browser but receive a MITM attack, and would this subvert Prevx security?
What alerts would occur if a computer, router, modem or Set Top Box not protected by Prevx is MITM with an in memory mod of tables?
I'm not entirely sure how to answer the question but as a point of clarification - one of the aspects of SafeOnline's MITM protection is that it runs a query with our central database to see how a website resolves and compares that to what the local PC is seeing the website as. If there is a mismatch, SafeOnline will show a warning message and block the user from browsing until it is corrected (whether this is caused by a router manipulation, HOSTs file change, or any number of other areas that can be modified).
Are you comparing hashes of the website source code to the hash of the same website viewed by the user?
Seems like you know a lot about people's surfing habits, I'll give you $2 per 1000.
How does Safe Online handle DNS Rebinding, or is this handled by Prevx?
No, unfortunately web pages are highly dynamic so hashes don't work. We're looking at the actual addresses that the pages are being served from.
Prevx does not store any personally identifiable information and doesn't store any information at all from SafeOnline.
SafeOnline primarily handles this by warning if the user is attached to a covert proxy which will prevent the victim from connecting to a "rebound" DNS.
I was going to up it to $3
Hi, comments on Prevx versus this please
Understanding Man-In-The-Middle Attacks
This is fully protected in SafeOnline by the same underlying functions that detect mismatched IP addresses - it identifies the user's attempt to go to an HTTPS website and the subsequent behind-the-scenes redirection to an HTTP website. An interesting attack nonetheless, but if you don't use SafeOnline, you can circumvent it by always going to the https* version of a website directly (although indeed that isn't always possible, but for banks/credit cards, it should be).
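The address comparison and the HTTPS-to-HTTP redirect check described in the replies above, sketched as an added example. This is not Prevx or SafeOnline code; the function names, the reference address list and the sample hosts are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges a public site should never resolve to (loopback, RFC 1918, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                  "192.168.0.0/16", "169.254.0.0/16")]


def check_resolution(host, local_addrs, reference_addrs):
    """Return findings for addresses seen locally but absent from the reference."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    reference = {ipaddress.ip_address(a) for a in reference_addrs}
    findings = []
    # Only extra local addresses matter: a CDN may hand out a subset of the
    # reference set on any one lookup, which is not a mismatch.
    for addr in sorted(local - reference, key=str):
        if any(addr in net for net in INTERNAL_NETS):
            findings.append(f"{host}: resolves to internal address {addr}")
        else:
            findings.append(f"{host}: {addr} is not a known address for this site")
    return findings


def check_downgrade(hops):
    """Return the first plain-HTTP hop reached after starting on HTTPS, else None."""
    if not hops or urlsplit(hops[0]).scheme != "https":
        return None
    for url in hops[1:]:
        if urlsplit(url).scheme == "http":
            return url
    return None


if __name__ == "__main__":
    # Constructed sample data: documentation address ranges and an example domain.
    reference = ["203.0.113.10", "203.0.113.11"]  # assumed trusted answer
    print(check_resolution("bank.example", ["203.0.113.11"], reference))
    print(check_resolution("bank.example", ["192.168.1.50"], reference))
    print(check_resolution("bank.example", ["198.51.100.7"], reference))
    print(check_downgrade(["https://bank.example/login",
                           "http://bank.example/login"]))
```

A reference answer taken from a different network vantage point can legitimately differ for geo-distributed sites, so a mismatch here is a signal to block and investigate rather than proof of tampering.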