Browser-based man-in-the-middle attacks on the rise

by pr.arun-gmail in Security

on November 26, 2007, 11:26 PM PST

Browser-based man-in-the-middle attacks on the rise

Security firm F-secure reports that hackers are implanting malware into browsers that trigger only when users access banking sites. These attacks that specifically target several banks are harder to tackle with generic patches.

An excerpt from TechWorld:

Once a user’s PC is infected, the malicious code is only triggered when the user visits an online bank. The ‘man in the browser’ attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.

Man-in-the-middle attacks, a variation of which is the Man-in-the-browser attack, circumvents encryptions-based security by eavesdropping into the communication between trusted clients. While the clients are unaware that there is eavesdropping going on in the network, the malicious agent is free to tamper data that passes between the clients.

While the article notes that behavioral analysis would help prevent such attacks, products from firms such as KeyID are relevant as they help ensure that no other agent eavesdrops on a communication channel between two clients, i.e. only one SSL (Secure Socket Layer) connection exists.

The method used by KeyID adds an additional layer of authentication over the secure channel and even if the channel is hacked, the ID exists only for the session.

By pr.arun-gmail

Account Information

Contact pr.arun-gmail

Your message has been sent
|
See all of pr.arun-gmail's content

Editor's Picks

Image: Rawpixel/Adobe Stock

TechRepublic Premium
TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

TechRepublic Staff
Published: March 14, 2023, 9:10 AM EDT Modified: March 15, 2023, 9:16 AM EDT Read More See more TechRepublic Premium
Image: Blue Planet Studio/Adobe Stock

Payroll
The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

Ali Azhar
Published: February 28, 2023, 11:11 AM EST Modified: March 20, 2023, 4:45 PM EDT Read More See more Payroll
Image: Microsoft.

Software
Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

Mary Branscombe
Published: February 28, 2023, 2:59 PM EST Modified: February 28, 2023, 2:59 PM EST Read More See more Software
Image: tanatat/Adobe Stock

CXO
Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Owen Hughes
Published: March 3, 2023, 3:12 PM EST Modified: March 16, 2023, 12:56 PM EDT Read More See more CXO
Image: Nuthawut/Adobe Stock

Software
The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

Brenna Miles
Published: December 27, 2022, 11:45 AM EST Modified: March 16, 2023, 2:25 PM EDT Read More See more Software
Image: Song_about_summer/Adobe Stock

Security
1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

Karl Greenberg
Published: March 2, 2023, 3:44 PM EST Modified: March 7, 2023, 4:10 PM EST Read More See more Security

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

PURPOSE The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both ...

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

Browser-based man-in-the-middle attacks on the rise

Browser-based man-in-the-middle attacks on the rise

Editor's Picks

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

The Best Human Resources Payroll Software of 2023

Windows 11 update brings Bing Chat into the taskbar

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

The 10 best agile project management software for 2023

1Password is looking to a password-free future. Here’s why

Employee privacy policy

Security response policy

End user data backup policy

Electronic communication policy

Account Information

Browser-based man-in-the-middle attacks on the rise

Daily Tech Insider Newsletter

Account Information

Share with Your Friends

Account Information

Contact pr.arun-gmail

Editor's Picks

Daily Tech Insider Newsletter