Researchers at Facebook and Carnegie Mellon University (CMU) have adapted a detection tool for man-in-the-middle attacks for Facebook, proving the method would work on a large-scale network.
The team embedded a Flash applet in Web pages served to Facebook users chosen at random. The code bypassed the network protocol stack of the browser and sent information on the certificates to a server run by the researchers.
The team analyzed more than 3 million SSL connections to the website and found 6,845 contained tampered or forged certificates. Most of the changes were related to antivirus and corporate content filters.
The experiment demonstrated the method would be useful to corporate security professionals who want to watch for man-in-the-middle attacks on users of company websites, says CMU professor and study co-author Collin Jackson. "This would be one way to identify if any employee's traffic is being tampered with, at least when they're communicating internally," Jackson says. He notes the research also emphasizes potential security risks introduced by antivirus products and content-filtering technology that function as proxies through which all Internet traffic flows.
From CSO Online
View Full Article
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA
No entries found