It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Hackers Expose Weakness In Visiting Trusted Sites

page: 1
1

log in

join
share:

posted on Aug, 1 2009 @ 11:03 PM
link   

Hackers Expose Weakness In Visiting Trusted Sites


www.ksat.com

LAS VEGAS -- A powerful new type of Internet attack works like a telephone tap, but it operates between computers and Web sites they trust.

Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that net
(visit the link for the full news article)




posted on Aug, 1 2009 @ 11:03 PM
link   
Well folks, I really don't know what to tell you on this one. I know a lot of folks have learned to check for the padlock icon on the bottom of the browser and make sure the sight says HTTPS.

Mozilla says the problem for them was fixed with the latest version of their browser, but M$ is still trying to figure it out for theirs.

If you, by chance (and despite warnings) use your PC for any type of sensitive transactions, I'd probably chill out on that for a little while.

I didn't find anything about this being tied to just Windoze, but that would really be my assumption. Regardless, if you still have money IN the bank, do your business in person for a little while, unless you have made sure you are up to date on the browser you are using.

I also didn't find that it was affecting Chrome, or Opera.

I'm sure we would all welcome opinions of experts as to a safe , usable alternative to IE. (keeping in mind that Linux, although probably the base for the BEST alternative to Windoze problems is out of reach for many due to technical considerations.)



www.ksat.com
(visit the link for the full news article)



posted on Aug, 2 2009 @ 12:09 AM
link   
Whole thread already on this over here



posted on Aug, 2 2009 @ 12:19 AM
link   
Sorry guys. Do what you must. Mods: do with this what you will.


 
Posted Via ATS Mobile: m.abovetopsecret.com
 



posted on Aug, 2 2009 @ 12:26 AM
link   
One thread can exist in Breaking News while another can exist in the proper forum.

This thread is in breaking News, the other is in Global Meltdown.

No harm no foul.



posted on Aug, 2 2009 @ 12:53 AM
link   
reply to post by KSPigpen
 


Feel free to carry on, best part of that thread was contained in the following:


Originally posted by HunkaHunka


In the following picture, I just scribbled out, you have Amazon.com (or any other web site) on the right.

Down on the left we have a starbucks (or other wifi enabled location). In this scenario, the bad guy is on the same wireless segment (He doesn't have to be). Also in the picture below, the bad guy has managed to become the victims gateway through a poisoned arp cache technique or some other mechanism. He then intercepts the communications between the victim and amazon.com

Now, using The Middler, a different tool being released this weekend, you could simply inject an iframe on the first non-ssl connection.

But using this new technique Kaminsky is talking about, you can also simply mod the server certificate of a WELL KNOWN SITE and present it to the client without it realizing the difference.




new topics

top topics
 
1

log in

join