Not sure because I have never experienced one! But I do think that the Browser Window will go Black with a Warning Window in the middle of the screen! But Joe will let us know for sure! TH
Yes, this is correct. The warning covers the full browser window and will prevent the page from loading until it is acknowledged by the user. I don't have a screenshot on hand but can infect myself if there is a desire to see the warning.
The warning window, is it going to tell me that it was MITM? Or would it simply say that the page I'm trying to access is blocked because of something malicious?
@Konata Izumi Thanks for asking. I have a related thread here which you might be interested in: MITM Attacks and Prevx/SOL https://www.wilderssecurity.com/showthread.php?t=270119 @PrevxHelp As it already does? As described above by KI, which I've seen a few times. You never mentioned this happening in my thread? Would have made a big difference if you had. If it's different to the above it would be nice to see. The total blackout effect certainly gets our attention, no missing that, no excuses.
How will Prevx alert if another computer in the network is compromised causing a MITM? Is it possible to get the correct address for the browser but receive MITM attack and would this subvert Prevx security? What alerts would occur if a computer, router, modem or Set Top Box not protected by Prevx is MITM with an in memory mod of tables?
I'm not entirely sure how to answer the question but as a point of clarification - one of the aspects of SafeOnline's MITM protection is that it runs a query with our central database to see how a website resolves and compares that to what the local PC is seeing the website as. If there is a mismatch, SafeOnline will show a warning message and block the user from browsing until it is corrected (whether this is caused by a router manipulation, HOSTs file change, or any number of other areas that can be modified).
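A sketch of the resolution-mismatch check described in the post above, as an added example (not Prevx or SafeOnline code). The reference list is a hypothetical stand-in for the central lookup, all names and addresses are constructed, and it goes slightly beyond the post by accepting CIDR prefixes, since sites behind CDNs answer with varying addresses.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so documentation ranges are not caught.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed reference data (documentation ranges, not real lookups).
REFERENCE = {"bank.example": ["203.0.113.0/28", "2001:db8:10::/48"]}


def is_local_scope(addr):
    """True for loopback, link-local, unspecified or RFC 1918 addresses."""
    return (addr.is_loopback or addr.is_link_local or addr.is_unspecified
            or any(addr in net for net in LAN_NETS))


def check_resolution(hostname, local_addrs, reference=REFERENCE):
    """Compare what this machine resolved for hostname with the reference.

    local_addrs: addresses the local resolver returned (passed in, so the
    check runs offline). Returns a dict with the verdict and the addresses
    that fall outside every reference prefix.
    """
    ref_nets = [ipaddress.ip_network(r, strict=False)
                for r in reference.get(hostname, [])]
    local = [ipaddress.ip_address(a) for a in local_addrs]
    result = {"host": hostname, "verdict": "unknown", "unexpected": []}
    if not local or not ref_nets:
        return result                    # nothing to compare: do not guess
    unexpected = [a for a in local
                  if not any(a in net for net in ref_nets)]
    result["unexpected"] = [str(a) for a in unexpected]
    if not unexpected:
        result["verdict"] = "match"
    elif any(is_local_scope(a) for a in unexpected):
        # A public name answering with a LAN or loopback address is the
        # pattern left by a HOSTS file entry or a router/DNS change.
        result["verdict"] = "mismatch-local-redirect"
    else:
        result["verdict"] = "mismatch"
    return result


def should_block(result):
    """Block on any mismatch; 'unknown' is left to policy (here: allow)."""
    return result["verdict"].startswith("mismatch")
```
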
Are you comparing hashes of the website source code to the hash of the same website viewed by the user? Seems like you know a lot about people's surfing habits, I'll give you $2 per 1000. How does Safe Online handle DNS Rebinding, or is this handled by Prevx?
No, unfortunately web pages are highly dynamic so hashes don't work. We're looking at the actual addresses that the pages are being served from. Prevx does not store any personally identifiable information and doesn't store any information at all from SafeOnline. SafeOnline primarily handles this by warning if the user is attached to a covert proxy which will prevent the victim from connecting to a "rebound" DNS.
@PrevxHelp Hi, comments on Prevx versus this please: Understanding Man-In-The-Middle Attacks https://www.wilderssecurity.com/showthread.php?t=276381 TIA
This is fully protected in SafeOnline by the same underlying functions that detect mismatched IP addresses - it identifies the user's attempt to go to an HTTPS website and the subsequent behind-the-scenes redirection to an HTTP website. An interesting attack nonetheless, but if you don't use SafeOnline, you can circumvent it by always going to the https* version of a website directly (although indeed that isn't always possible, but for banks/credit cards, it should be).