This is Ejo60's Typepad Profile.
Ejo60
Recent Activity
Compromised certificates are a serious problem. As a result, the CA system probably requires a thorough review, yet there are sufficient reasons to believe that the man-in-the-middle attack is rather unlikely outside Iran. Also, there are several easy countermeasures providing some form of protection against MITM attacks. Any challenge-based response like CAPTCHA puts a heavy load on the MITM. Cell phones could be used to send text messages with validation codes, or security devices require the user to return a validation code. In all cases a MITM would not be able to do what a user could do. Furthermore, you may ask yourself where a MITM could be located, and whether it is likely that his presence would go unnoticed. The user could be affected by phishing software (against which we protect ourselves), or the MITM could be a hacked server at your ISP (which I sort of exclude as a possibility in civilized countries), or the MITM could be a compromised public access point when you use Wi-Fi. Any sort of alert by, for instance, the CertWatch add-on in Firefox while you try to browse to a secured website through a public access point would certainly trigger my attention. But how many users click such messages away without asking what they mean and which risks are involved?
Commented Sep 13, 2011 on Cyberwar: Iran's Counterattack? at Skating on Stilts