Hacker innovation: "man in the Middle" attack obsolete, bypass attacks appeared-hacker, network security-IT information

IT information for SSL/TLS "man in the Middle" attacks are not uncommon, but security experts and to find a new way, and that is "no road", bypassing combination attack. It does not require an intermediary to sniff the traffic, disable third-party cookies to ease the threat of attack.

Traditional intermediaries for an attacker to sniff or control flow, which is one of the preconditions for this type of attack. In this year's "Black Hat (Black Hat)" Security Conference two security researchers come up with combinations of a new way to bypass, you do not need intermediaries to sniff traffic. This technique is known as the HEIST:HTTP of the Encrypted Information can be Stolen through TCP-windows, across the response packet that can be transmitted over the TCP layer size and lack of SSL/TLS message length to hide weaknesses, to deduce the information contained in the encrypted response. Researchers using this method can decrypt and encrypt e-mail addresses contained in the response, sensitive information such as social security account.

Two researchers in the public before publishing its report to the Google and Microsoft disclosed the findings in advance, their attacks are malicious ads displayed on this website by a third party to achieve. The researchers said, the only way to ease the disabling third-party cookies, most browsers accept third-party cookies by default, so users should guard against in time.

黑客创新：“中间人”攻击已过时，旁路攻击现身 - 黑客,网络安全 - IT资讯

IT资讯讯 针对SSL/TLS的“中间人”攻击并不少见，然而现在安全专家又研究出新的攻击方式，那就是“不走中路”，进行旁路组合攻击。这种方式并不需要中间人去嗅探流量，禁用第三方cookies能缓解这种攻击的威胁。

传统中间人攻击者能够嗅探或操控流量，这也是此类攻击的先决条件之一。在今年的“黑帽（Black Hat）”安全会议上，两位安全研究员拿出了新的组合旁路攻击的方法，不需要中间人去嗅探流量。这种攻击技术被称为《HEIST: HTTP Encrypted Information can be Stolen through TCP-windows》，可利用通过TCP层传输的跨越响应包大小和SSL/TLS缺乏明文信息长度隐藏能力的弱点，去推断出加密响应中包含的信息。研究人员利用这种方法可以解密和加密响应中包含的电子邮件地址、社会安全账户等敏感信息。

两名研究员在公开发表报告前已经向谷歌和微软提前披露了这一发现，他们的攻击方式是通过在网站上展示第三方恶意广告来实现的。研究人员称，目前唯一缓和攻击的方法是禁用第三方cookies，而目前大部分浏览器都默认接受第三方cookies，所以相关用户还应该及时做好防范。