Simple steps can be taken to help protect against man-in-the-middle (MITM) attacks, according to VeriSign.
The company said these steps include looking for a green address bar, downloading the latest versions of browsers and using two-factor authentication.
A new variation of the MITM attack was unveiled at the recent Black Hat conference, in which a fraudulent server intercepts communications between a user's browser and a legitimate website and then acts as a proxy, collecting sensitive information over HTTP (not HTTPS) between the browser and the fraudulent server.
This attack differs in that the fraudulent site attempts to leverage false visual cues, such as replacing the fraudulent site's favicon with a padlock icon. While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the green address bar shown when a site is secured with an Extended Validation SSL Certificate.
Tim Callan, vice president of product marketing for VeriSign, said: "Though online criminals have been using low-authentication SSL Certificates in phishing and MITM types of attacks for years, the Black Hat presentation last week is a good reminder for end users to remain vigilant when transacting online.
"Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from websites to help ensure that users have a secure experience."
VeriSign suggested that websites not offer logins on pages that are not already in an SSL session, not include links in emails to customers, and encourage customers to download the latest version of their favourite browsers.