Tag Archive for: Hijacking

Attackers could use Internet route hijacking to get fraudulent HTTPS certificates

The routing protocol that links networks on the Internet has no built-in security, and that weakness is a direct threat to the certificate infrastructure that secures communications between users and websites.

The Border Gateway Protocol (BGP), which network operators use to tell each other which blocks of Internet Protocol (IP) addresses they originate and how traffic for them should be routed, was designed when the Internet was small and operators trusted each other implicitly; it does not validate any of those announcements.

If one operator, or autonomous system (AS), announces routes for a block of IP addresses it doesn't own, and its upstream provider accepts the announcement and passes it on to others, traffic intended for those addresses can be delivered to the rogue operator instead. Because certificate authorities verify control of a domain by connecting to the addresses the domain resolves to, an attacker who hijacks those addresses can pass that check and be issued a valid certificate for the domain.
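The following simulation is an added example, not code from the article or from any routing vendor. It shows why a hijack works at the router level and what the standard mitigation, RPKI route origin validation (RFC 6811), does and does not catch. It assumes a rogue AS that announces a more-specific sub-prefix of the victim's block, which wins longest-prefix match against the legitimate announcement regardless of which AS path is shorter, and a single ROA published by the victim; the prefixes and AS numbers are the documentation ranges from RFC 5737 and RFC 5398, constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Documentation-only ASNs (RFC 5398) and prefixes (RFC 5737); constructed sample data.
VICTIM_AS, ATTACKER_AS = 64496, 64511


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and its
    sub-prefixes down to `max_length` bits."""
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int


def best_route(rib, dst):
    """Longest-prefix match as a router does it: the most specific covering
    route wins, no matter who announced it."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in rib if addr in r.prefix]
    if not covering:
        return None
    return max(covering, key=lambda r: r.prefix.prefixlen)


def who_receives(rib, dst):
    """Origin AS whose network gets the traffic for `dst`, which is where a
    CA's domain-validation probe would end up."""
    r = best_route(rib, dst)
    return None if r is None else r.origin_as


def rov_state(route, roas):
    """RFC 6811 route origin validation against a set of ROAs."""
    covering = [roa for roa in roas if route.prefix.subnet_of(roa.prefix)]
    if not covering:
        return "NotFound"
    for roa in covering:
        if roa.asn == route.origin_as and route.prefix.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"


def drop_invalid(rib, roas):
    """What a router with ROV enabled installs: Invalid routes are rejected,
    NotFound routes (no ROA at all) are still accepted."""
    return [r for r in rib if rov_state(r, roas) != "Invalid"]


# Constructed routing table: the victim's /24, the attacker's more-specific /25
# covering the first half of it, and an unrelated prefix with no ROA published.
LEGIT = Route(ipaddress.ip_network("203.0.113.0/24"), VICTIM_AS)
ROGUE = Route(ipaddress.ip_network("203.0.113.0/25"), ATTACKER_AS)
UNSIGNED = Route(ipaddress.ip_network("198.51.100.0/24"), VICTIM_AS)
RIB = [LEGIT, ROGUE, UNSIGNED]
ROAS = [ROA(ipaddress.ip_network("203.0.113.0/24"), 24, VICTIM_AS)]

if __name__ == "__main__":
    print("without ROV, 203.0.113.10 is delivered to AS", who_receives(RIB, "203.0.113.10"))
    print("with ROV, it is delivered to AS", who_receives(drop_invalid(RIB, ROAS), "203.0.113.10"))
```

Two caveats a practitioner should keep in mind: ROV only checks the origin AS, so an attacker who forges the victim's AS at the end of the path is not caught by it (that needs path validation), and a prefix with no ROA at all is merely NotFound and still accepted, so unsigned address space stays hijackable.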


Network World Security

Apple’s iOS 8 fixes enterprise Wi-Fi authentication hijacking issue

Apple’s iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.

“An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods,” Apple said in its security advisory for iOS 8.

The vulnerability stems from Apple's implementation of WPA2-Enterprise, the mode widely used on corporate wireless networks because each client authenticates over 802.1X/EAP with its own credentials, rather than with the single preshared password that WPA2-Personal uses on home networks.
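The exchange Apple describes is an EAP method downgrade: the impersonated access point simply proposes LEAP, and a client willing to run LEAP answers with an MS-CHAPv1 response the attacker can crack offline. The code below is an added example, not Apple's code or anything from the advisory; it models only the EAP negotiation (RFC 3748 packet framing, the Request/Response/Nak flow) and not the MS-CHAPv1 computation or the offline crack. The "vulnerable" supplicant is one whose allowed-method list still contains LEAP, an assumption made for illustration; the hardened one pins the methods it will run and Naks everything else. Names, the identity string and the packet identifiers are constructed for the example.

```python
import struct

# EAP codes and method types from RFC 3748 and the IANA EAP registry.
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_IDENTITY, EAP_NAK, EAP_TLS, EAP_LEAP, EAP_PEAP = 1, 3, 13, 17, 25


def build_eap(code, ident, eap_type, data=b""):
    """Code(1) Identifier(1) Length(2) Type(1) Type-Data, network byte order."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt):
    if len(pkt) < 5:
        raise ValueError("EAP packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet")
    return code, ident, pkt[4], pkt[5:]


class Supplicant:
    """Wireless client. `allowed` is the list of EAP methods it will run;
    a client that leaves LEAP in that list can be talked down to it."""

    def __init__(self, allowed, identity=b"alice@corp.example"):
        self.allowed = tuple(allowed)
        self.identity = identity
        self.negotiated = None

    def handle(self, request):
        code, ident, eap_type, _ = parse_eap(request)
        if code != EAP_REQUEST:
            raise ValueError("supplicant only answers EAP Requests")
        if eap_type == EAP_IDENTITY:
            return build_eap(EAP_RESPONSE, ident, EAP_IDENTITY, self.identity)
        if eap_type in self.allowed:
            self.negotiated = eap_type
            # A real response carries the method's first message; for LEAP that is
            # the MS-CHAPv1 challenge response the attacker is after. Omitted here.
            return build_eap(EAP_RESPONSE, ident, eap_type)
        # RFC 3748 section 5.3: a Nak lists the methods the client is willing to use.
        return build_eap(EAP_RESPONSE, ident, EAP_NAK, bytes(self.allowed))


def rogue_ap_negotiate(client):
    """Impersonated access point: after Identity it proposes LEAP, the weakest
    method it can exploit, regardless of what the genuine AP supports."""
    client.handle(build_eap(EAP_REQUEST, 1, EAP_IDENTITY))
    resp = client.handle(build_eap(EAP_REQUEST, 2, EAP_LEAP))
    _, _, eap_type, data = parse_eap(resp)
    if eap_type == EAP_LEAP:
        return "downgraded", ()
    return "refused", tuple(data)  # the Nak gives the attacker nothing to crack


if __name__ == "__main__":
    print(rogue_ap_negotiate(Supplicant([EAP_PEAP, EAP_TLS, EAP_LEAP])))  # ('downgraded', ())
    print(rogue_ap_negotiate(Supplicant([EAP_PEAP, EAP_TLS])))            # ('refused', (25, 13))
```

The check this demonstrates is the one a Wi-Fi profile should enforce on any platform: the client, not the access point, decides which EAP methods are acceptable, and LEAP should not be on the list. Pinning the method does not by itself authenticate the AP; for tunnelled methods such as PEAP or EAP-TLS the profile must also validate the RADIUS server's certificate, or the same rogue AP can sit in the middle of the stronger method.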


Network World Security

Hijacking Office 365 and other major services via cookie re-use flaw

When is logging off the opposite of security? One example would be Office 365, where logging off blocks the authorized user but not an attacker who already holds a copy of the session cookie, because the service keeps accepting the old cookie after logout. Microsoft's Office 365 isn't the only offender, as ethical-hacking professor Sam Bowne found after testing cookie re-use on major websites.
Ms. Smith’s blog
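The flaw has a simple mechanical cause: logout clears the cookie in the user's browser but does not invalidate the session record on the server, so any other copy of the cookie keeps working. The toy session server below is an added example, not Office 365's code or Sam Bowne's test harness; it assumes a server-side session table keyed by a random `sid` cookie and shows the vulnerable logout next to the fixed one, with a stolen-cookie replay against each. The user name, cookie attributes and the `SessionServer`, `session_id` and `replay_after_logout` names are constructed for the example.

```python
import secrets


class SessionServer:
    """Toy session store. `invalidate_on_logout=False` reproduces the cookie
    re-use flaw: logout tells the browser to drop the cookie but leaves the
    session valid on the server."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}  # session id -> username

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable id; the flaw is not in its strength
        self.sessions[sid] = user
        return {"Set-Cookie": f"sid={sid}; Path=/; Secure; HttpOnly"}

    def logout(self, cookie_header):
        sid = session_id(cookie_header)
        if self.invalidate_on_logout:
            self.sessions.pop(sid, None)  # the fix: kill the session, not just the cookie
        # Both variants tell the browser to forget the cookie.
        return {"Set-Cookie": "sid=; Path=/; Max-Age=0"}

    def whoami(self, cookie_header):
        """Logged-in user for this request, or None (a 401) if the session is unknown."""
        return self.sessions.get(session_id(cookie_header))


def session_id(cookie_header):
    """Pull `sid` out of a Cookie header such as 'theme=dark; sid=abc'."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value
    return None


def replay_after_logout(server):
    """Attacker copies the cookie (malware, XSS, a shared machine); the user
    logs off; the attacker replays the copy. Returns what the replay gets."""
    cookie = server.login("alice")["Set-Cookie"].split(";")[0]  # 'sid=...' as sent back
    stolen = cookie
    server.logout(cookie)  # the legitimate user clicks log off and loses the cookie
    return server.whoami(stolen)


if __name__ == "__main__":
    print("vulnerable:", replay_after_logout(SessionServer(invalidate_on_logout=False)))  # alice
    print("fixed:", replay_after_logout(SessionServer(invalidate_on_logout=True)))        # None
```

The test to run against any real service is the same as `replay_after_logout`: capture a session cookie, log out normally in the browser, then replay the captured cookie from another client. If the replay still returns authenticated content, logout is cosmetic. Server-side invalidation on logout is the minimum fix; a bounded session lifetime limits the damage when the user never logs out at all.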