Man-in-the-Middle Attacks more wide spreadHacker groups have confirmed that man-in-the-middle attacks can be used to render SSL security null and void whenever an end user transacts over the Internet. The inventor of SSL begs to differ with that conclusion, explaining that browser problems are responsible for the hacking method's effectiveness. Furthermore, he claims that the effects of man-in-the-middle attacks over the reportedly vulnerable SSL cannot be oversimplified that way. MITM Attacks more popular than ever for SSL attacksMan-in-the-middle attacks, otherwise known as MiiM, are labeled as such because they insert a proxy in between a web server and a browser. The web browser first asks for a certificate and the proxy will intercept the answer to that request and deliver its own trustworthy intermediate certificate in its place. It's instead a security hole that's symptomatic with problems of the browser trust model. The fault happens because the browser is able to trust—that is, accept that a site is secure to browse through via a security certificate—a lot of different things. The problem with the browser trust model is that it has to serve two masters. On one hand, a tighter trust model is needed from a security standpoint. On the other hand, a more flexible solution is preferred in a business standpoint. For instance, MiiM can be used by corporations to ensure that there is no leakage of data via encrypted channels. |