in

Syrian 'Man-in-the-Middle' Attack Hits Facebook

The Syrian Telecom Ministry earlier this week launched a man-in-the-middle attack against the HTTPS version of the Facebook site, according to Electronic Frontier Foundation.

Also known as bucket-brigade attack or Janus attack, this form of online eavesdropping allows a hacker to insert himself between two communicating parties. While both parties believe they are talking to each other, the attacker can delete or modify the communications at will.

“The attack is not extremely sophisticated: The certificate is invalid in users’ browsers, and raises a security warning,” EFF’s  Peter Eckersley wrote on EFF’s Deeplinks Blog.

Because users see these warnings for many operational reasons, they often ignore them and through them reflexively. However, doing so will allow the attackers access to and control of victims’ Facebook accounts.

Calling it  “very much an amateur attempt at attacking Facebook’s HTTPS site,” Eckersley said the certificate was not signed by a Certificate Authority that was trusted by users’ web browsers.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity News

mm

Written by Admin

Terror Alerts Arrive at a Cellphone Near You - top government contractors - best government contracting event
Terror Alerts Arrive at a Cellphone Near You
Experts Doubt Iran's Claims of being Cyber Attacked - top government contractors - best government contracting event
Experts Doubt Iran's Claims of being Cyber Attacked