Browser flaws expose users to man-in-the-middle attacks

Browser flaws expose users to man-in-the-middle attacks

Summary: Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme.During a research project (.

SHARE:
TOPICS: Browser, Security
59

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme.

During a research project (.pdf) concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers' rendering modules above the HTTP/HTTPS layer.

Here's the gist of the problem, as explained by the research team:

[In] many realistic network environments where attackers can sniff the browser traffic, they can steal sensitive data from an HTTPS server, fake an HTTPS page and impersonate an authenticated user to access an HTTPS server. These vulnerabilities reflect the neglects in the design of modern browsers -- they affect all major browsers and a large number of websites.

According to a SecurityFocus advisory,  attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

Affected browsers include Microsoft's Internet Explorer 8, Mozilla Firefox, Google Chrome, Apple Safari and Opera.

Originally, it was believed that this issue only affected Mozilla's browsers but the advisory was update to reflect that the issue affects multiple browsers, not just Mozilla products.

Topics: Browser, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

59 comments
Log in or register to join the discussion
  • Apple Safari

    Well from all of the posters on this site i was lead to think that anything with the made by Apple was bullet proof and no way could any of Apples products ever be affected by anything bad.

    So maybe it was just a oversite that Apple Safari was on the list since Apple is perfect and nobody can mess with them
    Mashman
    • Apples not bulletproof, anyhow

      Case in point; I just set up a brand spanking new Macbook Pro for a client on their network.
      Had a problem installing HP fax printer.

      So while in the applications folder, in this "bulletproof" Macbook Pro is is only software authorized by the Mac gods themselves stands Mcafee.
      tinkn69
      • Anecdotal evidence

        I went outside once and it was cold. QED I can draw an informed conclusion about the world based on one event.

        For what it's worth, I've never seen any A/V product in a clean OS X install - not even a trial version.

        That is not to say that
        (a) it's possible - Apple do install some 3rd party software in some bundles
        (b) so do third party resellers
        (c) Macs are inherently problem free
        (d) that Macs cannot pass on Windows viruses via re-transmitting Windows documents

        But your logic and reasoning is faulty.
        JulesLt
    • That was a strawman

      Nobody's said that Macs are bulletproof, just that they're lightyears more
      secure than Windows.

      Hackers have tried through the years and the best they could do was to
      use trojans, i.e. fool the user into installing the malware. Much worse is
      of course the situation for Microsoft and all their customers who can visit
      a website or simply get on-line and immediately get infected. Practically
      zero security.
      Mikael_z
      • @Mikael_z

        It gets really tired when people who should know better keep using legacy information to make their claims. Not since the early days of IE6 has a site been able to automatically upload malware to your desktop without user interaction.

        Apple has had carpet bombing attacks that automatically download. It's preposterous to keep asking how many of these occur in the wild. Let me ask, how would you know if you got a virus on your MAC?

        It get's really tired when Apple advocates claim that a person has to be a moron to get a virus on a MAC by downloading something, but doesn't think about the fact that the same is the case in both Linux and Windows. Anytime someone downloads and executes a malware file on any platform, a virus can be executed.
        PlayFair
        • Media Access Control?

          First of all, MAC stands for Media Access control, a protocol used by
          ethernet. It is NOT a computer.
          Second, it would take more than a moron to get a mac virus. There ARE
          NO OSX viruses. Period. Do you even know the difference between a virus
          and a trojan, or a worm? Again, there are no OSX viruses, either in the
          wild, OR in the lab.

          "Anytime someone downloads and executes a malware file on any
          platform, a virus can be executed."

          Yeah, may want to lookup that definition again.
          SpiritusInMachina
          • Virus Shmirus

            Nitpick as you like. Macs (the computers) do pick up malware. In many discussions the term virus is used to indicate any variety of bug. Maybe the poster should have used another term to suit you?

            Also, the term MAC in this context refers to a computer... manufactured by a company named Apple (which is a brand name, not a fruit) and is clearly understood by all. Your jumping in with this semantic - based argument is just silly.

            So, yeah, MACs are computers, and they get viruses, even with OSX... You silly dipstick (which is a device used for measuring liquid quantity in a container such as an oil sump or fuel tank).

            notme403@...
          • Proper definition

            [i]Nitpick as you like. Macs (the computers) do pick up malware. In many discussions the term virus is used to indicate any variety of bug. Maybe the poster should have used another term to suit you?[/i]

            ~

            http://www.answers.com/topic/computer-bug

            [b](computer) bug[/b]

            A problem that causes a program to produce invalid output or to crash (lock up). The problem is either insufficient logic or erroneous logic. For example, a program can crash if there are not enough validity checks performed on the input or on the calculations themselves, and the computer attempts to divide by zero. Bad instruction logic misdirects the computer to a place in the program where an instruction does not exist, and it crashes.

            A program with bad logic may produce bad output without crashing, which is the reason extensive testing is required. For example, if the program is supposed to add an amount, but subtracts it instead, bad output results, although the computer keeps running. See abend, bug and buggy.

            A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, and a few are caused by compilers producing incorrect code. A program that contains a large number of bugs, and/or bugs that seriously interfere with its functionality, is said to be buggy. Reports detailing bugs in a program are commonly known as bug reports, fault reports, problem reports, trouble reports, change requests, and so forth.

            http://www.answers.com/topic/computer-virus

            [b]computer virus[/b]

            A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.

            A program that enters a computer (usually without the knowledge of the operator). Some viruses are mild, and only cause messages to appear on the screen, but others are destructive and can wipe out the computer's memory or even cause more severe damage. Computer viruses spread from machine to machine on disks and through telephone lines.

            ~

            Try to get it right, will ya....
            Wintel BSOD
          • Nope on all counts

            Sorry, MACs are NOT computers; it is an acronym. Macs are
            computers, as already pointed out.
            Also, again, pay attention, THERE ARE NO OSX VIRUSES. Period.
            And many people find this an important distinction.
            As for macs picking up malware, ANY general purpose computational
            device can have "malware," since all that means is software written to
            do bad things. Since good and bad are entirely relative, any computer
            can run "bad things"

            rm *.* is sometimes exactly what you want. (Not too often though.)

            SpiritusInMachina
          • No Mac Viruses (Cough)

            Ahem....[u]http://www.chotocheeta.com/2009/01/23/apple-os-x-gets-a-virus-attack-p2p-distributed-iwork-09-comes-with-osxtrojaniservicesa-trojan-horse/[/u]
            kc117mx
          • Do you even bother to read before you post?!?

            Since a central POINT of my post was the difference between trojans and
            viruses, why would you post an example of a trojan to refute my point
            about viruses?!?

            Again, there are no OSX viruses.

            And see a doctor for that cough. It's irritating.
            SpiritusInMachina
          • You may want to do some research

            This article from 2006 describes the first Mac virus (affecting OSX):

            http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html
            pparks_2000
          • And what is "Sophos"?

            They're an anti-virus company. OF COURSE!

            ~

            Seems like you have to go through a lot before opening OSX/Oomp-A

            http://www.ambrosiasw.com/forums/index.php?showtopic=102379

            You can't just click on it and watch an .exe happen like you can with the thousands of pieces of Windoze malware out there...
            Wintel BSOD
          • Oh lord, Leap-A? Really?!?

            Research? Try simple reading.
            Not only was Leap-A NOT a virus, it even SAID so in the headline of
            the article YOU linked to!!!

            "OSX/Leap-A worm spreads via iChat instant messaging software"

            That said, they are completely incorrect categorizing worms as a
            subclass of viruses. They will be hard pressed finding any security
            researcher who categorizes them as such.

            Also, Leap-A didn't even do anything, nor could it. It was not capable
            of privilege escalation, so as such was impotent.
            SpiritusInMachina
      • There's a reason why Macs are 'more secure'

        It is called "market share".

        Malware makers just don't think Macs are widely used enough. That is why they don't see it necessary to develop many malwares for Macs. Their time is valuable, you know?

        But as more and more upper management people use Macs, more and more malware makers will target Macs. Then... whammo! A super-uber-malware will start infecting Macs around the world, and the Mac people will have no idea how to fix it.
        pandu@...
        • You don't actually think that was even remotely insightful, do you?!?

          That tired market share argument has been disproved so many times,
          it has gotten annoying.
          It is equally annoying, considering how old the argument is, that
          people like you post it like it is some great revelation, expecting
          people to say, "Wow, you know, I never thought of that before."
          Please, you are not in any way an original thinker, and everyone has
          heard it before.
          But to the specifics. First, you can attack that silly argument from
          the underside. If that statement were true, one would be hard pressed
          to explain the existence of a number of viruses for such platforms as
          the Atari ST, the macOSes 7-9, and even the Coleco ADAM. Surely you
          are not claiming they ever had significant market share!
          One can also attack it directly from the top. Mac market share has
          tripled in the past two years. From your postulate, one would conclude
          that malware, especially viruses (of which there are still ZERO) should
          have increased. But this has not happened. Or are you claiming some
          magical threshold level, after which this torrent of malware will
          suddenly strike. If so, you will be hard pressed to explain the even
          larger lack of data to support this position.
          In addition, the MAJORITY of malware code is still adapted from
          exploits written in research settings. The financial motive is just not
          the same in this context, and to some extent is inverted. Market share
          is irrelevant, and bragging rights still hold sway. And yet still no
          viruses. Even the various winners of such contests as pwn2own do not
          succeed at privilege escalation exploits without physical access, and
          will readily admit, including the much-lauded Charlie Miller, that
          successful mac exploits of this nature are unlikely.

          As for having no idea how to fix it, being that there are several mac
          anti-malware apps, including the Open Source Clam AV, I doubt it
          would take much effort to fix.
          SpiritusInMachina
        • No it's not

          [i]Malware makers just don't think Macs are widely used enough. That is why they don't see it necessary to develop many malwares for Macs. Their time is valuable, you know?[/i]

          At 10% market share, there's millions to be made off of malware.

          Could it be they just can't come up with one without social engineering being involved? Like just clicking on a website and having it automatically installed the Windoze way?

          [i]But as more and more upper management people use Macs, more and more malware makers will target Macs. Then... whammo! A super-uber-malware will start infecting Macs around the world, and the Mac people will have no idea how to fix it.[/i]

          Well considering they still can't fix Windoze yet, that could be plausible.
          Wintel BSOD
      • Macs more secure? NOT!

        Let me quote the winner of the "Pwn2Own" contest (i.e. *he* ought to know): "Hacking into Macs is so much easier. You don?t have to jump through hoops and deal with all the anti-exploit mitigations you?d find in Windows."

        See: http://blogs.zdnet.com/security/?p=2941 for the interview.

        MAC security is a joke.
        aureolin
        • RE: Macs more secure? NOT!

          Notice that the people you quote make their living selling their Windows based stuff as a secure solution; so they have much to gain with a lie like that. If what he said were true, then we would have seen a lot more viruses and hacks on the Mac, and some of them would not require the user supply it with a password like the viruses we have heard about so far.

          Anything can be hacked, but the fact that Windows hassles the legitimate user more than the Mac, does not somehow make Windows more secure.
          RedVeg
        • Wrong, even in all caps

          First, their is nothing wrong with MAC security. Running the Media
          Access Control Protocol on ethernet routers is secure when coupled with
          appropriate security measures.
          Oh, you meant macs? Why didn't you say so.
          Interesting that you quote Charlie Miller. Did you know that MIller has
          NEVER successfully mounted a privilege escalation attack? He is able to
          commandeer Safari to deface a webpage or two, but is unable to do any
          significant damage, the likes of which most people associate with
          malware. There is a reason that Charlie Miller prefers macs, and thinks
          they are better machines.
          SpiritusInMachina