Defending against MITM attack

Discussion in 'other security issues & news' started by exus69, Apr 21, 2011.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    If I use the latest version of Firefox with the "HTTPS Everywhere" add-on, and if the sites that I visit provide HTTPS, will I still be vulnerable to any MITM attack like sslstrip from my LAN?

    Awaiting your replies.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    HTTPS Everywhere can protect you only when you're using sites that support HTTPS and for which HTTPS Everywhere includes rules.

    Check your HTTPS-Everywhere Preferences in Firefox: Tools>Add-ons>Extensions tab.

    You can learn how to write your own rulesets (to add support for other web sites) here.

    Regarding sslstrip from your LAN, if sslstrip has made its way onto any node of your LAN, you are already compromised if it is operating independently. So, it is doubtful that HTTPS Everywhere would be able to protect you from a MITM attack unless you are able to devise a ruleset for that protection IMHO.

    -- Tom
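
As an added illustration (not part of the original thread, and not the add-on's own code): a small model of how an HTTPS Everywhere-style ruleset decides which plain-HTTP URLs get upgraded before the request leaves the browser. The ruleset, the hostnames and the helper names are constructed for this example, and the XML is read with a simplified attribute matcher rather than a full parser.

```javascript
// Constructed sample in the HTTPS Everywhere ruleset XML format.
// example.com / bank.invalid are placeholder hosts, not shipped rules.
const RULESET_XML = String.raw`
<ruleset name="Example (constructed)">
  <target host="example.com" />
  <target host="*.example.com" />
  <exclusion pattern="^http://static\.example\.com/" />
  <rule from="^http://(www\.)?example\.com/" to="https://www.example.com/" />
  <rule from="^http://mail\.example\.com/" to="https://mail.example.com/" />
</ruleset>`;

// Simplified: collect one attribute from every <tag ...> element.
function attrs(xml, tag, name) {
  const re = new RegExp(`<${tag}\\s[^>]*?${name}="([^"]*)"`, "g");
  return [...xml.matchAll(re)].map((m) => m[1]);
}

function parseRuleset(xml) {
  const to = attrs(xml, "rule", "to");
  return {
    targets: attrs(xml, "target", "host"),
    exclusions: attrs(xml, "exclusion", "pattern").map((p) => new RegExp(p)),
    rules: attrs(xml, "rule", "from").map((f, i) => ({ from: new RegExp(f), to: to[i] })),
  };
}

// "*.example.com" covers subdomains only; the bare host needs its own target.
function hostMatches(host, target) {
  return target.startsWith("*.") ? host.endsWith(target.slice(1)) : host === target;
}

// Returns the URL the browser would request and why.
function rewrite(url, rs) {
  if (!url.startsWith("http://")) return { url, status: "unchanged" };
  const host = new URL(url).hostname;
  if (!rs.targets.some((t) => hostMatches(host, t))) return { url, status: "no-rule" };
  if (rs.exclusions.some((e) => e.test(url))) return { url, status: "excluded" };
  for (const r of rs.rules) {
    if (r.from.test(url)) return { url: url.replace(r.from, r.to), status: "rewritten" };
  }
  return { url, status: "no-rule" };
}

const RULESET = parseRuleset(RULESET_XML);
for (const u of ["http://example.com/login", "http://mail.example.com/inbox",
                 "http://static.example.com/logo.png", "http://bank.invalid/login"]) {
  console.log(u, "->", rewrite(u, RULESET));
}
```

Every URL that comes back as `no-rule` or `excluded` still goes out as plain HTTP, so it is the traffic a man-in-the-middle on the LAN can still read or alter.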
     
  3. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Of course if that node had HTTPS Everywhere installed then it wouldn't get compromised as well, right? Is that what you mean?

    Btw, sorry for not replying for so long.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Prevx PSOL is said to prevent MITM, by PrevxHelp himself. You could ask for confirmation in the Prevx thread ;)
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi exus69,

    No - nwim! HTTPS Everywhere is installed in Firefox, not on a network node.

    -- Tom
     
  6. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello Tom,

    Can you please explain that to me in some detail? I didn't get you. Sorry, noob here trying to learn about security.
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    HTTPS Everywhere is a Firefox Addon. Its purpose in life is to ensure that browser visits to a select group of websites use the https protocol (i.e. with SSL support) rather than the unsecured http protocol.

    Network nodes do not have HTTPS Everywhere installed (Firefox does). However, network nodes either support SSL or they don't, so if a website doesn't support SSL, nothing anyone does (including writing a ruleset for that website) will be able to make the browser connect securely to that website (at least until the website implements SSL protocol support for securely connecting to it). SSL is an Application layer protocol.

    HTTPS Everywhere doesn't mean nor imply that all websites have SSL support installed for connecting to that website, however, by virtue of having it installed in your Firefox browser, by default it should be able to visit all checked websites (see HTTPS Everywhere options in Firefox add-ons) with SSL support.

    -- Tom
     
  8. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hi Tom,

    Thanks for the explanation. I actually got confused by the term "network nodes", hence I asked for some more detail. We connect to any website through a browser only, right? Then where does the network node come into the picture? By "network node" do you mean any other client PC in the LAN?
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi exus69,

    Any external website, e.g. in Firefox main menu bar click on Tools>Add-ons>Extensions>HTTPS-Everywhere 1.0.0>Preferences button and you will see a list of Sites most with green checks, and some with different kinds of exceptions related to certification, buggy, etc.

    The Internet consists of a subset called the World Wide Web which are the websites you can visit in your web browser - each of which is a network node in the WWW. That is what I mean by a network node. However, locally, if one has multiple computers on a local network LAN, and you can visit each of them either via a web browser or otherwise, then they too are network nodes of the local variety. So, then this would include your understanding of "any other client pc in the LAN".

    There are other ways to connect to any websites than via a web browser, e.g. Telnet protocol login (via a Terminal window command) by account name, or via FTP anonymously with your email address identity (also via a Terminal window command).

    -- Tom
     
  10. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thanks a lot Tom. Your explanation is thorough. The fact that most of the major websites have switched to https is really good news. Generally, most people use common sites like hotmail, gmail, facebook and these all use https, and doing a MITM attack is only possible by using self-signed certificates, but again all the latest browsers give a strong alert that they don't trust the connection if it's under attack. One attack vector less for the bad guys, what say?
     