Adi Sharabani, manager of our own IBM Rational Security Group, gave a keynote presentation on Active Man in the Middle attacks at the OWASP AU conference held yesterday.
With an Active MitM attack targeting Web Applications, an attacker can steal users' private data for any site he chooses if his victim uses a public network to read the latest news headlines or weather report on an 'uninteresting' site. In addition, the attack can be made persistent, so that it continues even after the victim has left the MitM influence. These attacks are a product of a serious design flaw and not an implementation error or bug.
Although MitM attacks against Web Applications have been partially discussed before in connection with similar issues such as "SideJacking" and "Surf Jacking", comprehensive research has yet to be performed.
The attached presentation gives an overview of the subject, while the paper gives a thorough, in-depth description of this dangerous category of attacks and of proposed remedies.
You can download the presentation in PPT format here, or download the full version of the whitepaper as PDF here.
WOW! Pretty amazing stuff. I was reading this from the airport's hotspot - Hope I wasn't infected :)
I liked the double active attack concepts described in your slides.
Would you expect more of your Active attacks to be identified in the future?
Posted by: Nathan | March 03, 2009 at 01:21 PM
Hi Nathan,
Since the nature of the Active attack scenarios we described (i.e. stealing session cookies, cache poisoning) is that of design, not implementation - it is entirely feasible that we will see new Active attack scenarios in the future.
Posted by: Roi Saltzman | March 11, 2009 at 11:16 AM