|
-
May 22nd, 2009, 03:26 PM
#1
Breaking Web Browsers' Trust
Is your SSL connection really secure?
The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1.
Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website--can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says.
For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy.
http://www.technologyreview.com/web/22682/
In God We Trust....Everything else we backup.
Similar Threads
-
By SDK in forum Miscellaneous Security Discussions
Replies: 4
Last Post: January 28th, 2005, 05:54 PM
-
By devilmech in forum Cosmos
Replies: 27
Last Post: September 2nd, 2003, 02:23 PM
-
By hot_guy in forum AntiOnline's General Chit Chat
Replies: 3
Last Post: August 2nd, 2003, 02:18 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote