PPRuNe Forums - View Single Post - "Man in the Browser" Infection - Care!
Old 6th April 2010 | 13:42
Saab Dastard
Administrator
 
Ancient Observer,

As you describe it, that can only work by hijacking either the DNS entries in the network settings of the OS (to point all DNS queries to a false DNS server), or by writing to the hosts file.

It can direct the correct URL to a spoof website by resolving the URL to a new IP address by either of the mechanisms above. Once on the spoof site it can direct an incorrect SSL URL to a site for which it does have a genuine certificate.

What it will not be able to do is spoof the SSL certificate of the correct website.

So vigilance is required at all times!

SD
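
An audit for the hosts-file mechanism described in the post above, as an added example that is not part of the original post. The sample hosts content, the watched domain `examplebank.com` and the function names are constructed for illustration; on a real machine you would pass in the text of the OS hosts file instead.

```python
import ipaddress

# Constructed sample; all names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # ad-blocking sinkhole
203.0.113.45    www.examplebank.com examplebank.com
192.168.1.20    nas.home.lan
198.51.100.7    update.example.org
"""

WATCHED = {"examplebank.com"}  # hypothetical: domains that must never be overridden

# Loopback, unspecified and private ranges: common in legitimate hosts files.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/32", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "::1/128", "fc00::/7")]

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for no, ip, name in parse_hosts(text):
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        is_local = any(ip in net for net in LOCAL_NETS)
        if is_watched:
            # Any static entry for a watched site bypasses DNS entirely.
            findings.append((no, name, str(ip), "watched domain overridden"))
        elif not is_local:
            findings.append((no, name, str(ip), "non-local override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

This covers only the hosts file; the DNS servers configured in the OS network settings need a separate comparison against the resolvers you expect.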