MITM

Pierluigi Paganini March 24, 2015
Chinese CA issued bogus digital certificates for Google domains

Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]

Pierluigi Paganini January 20, 2015
Chinese Government runs a MITM attack against Microsoft Outlook

GreatFire revealed that the popular Microsoft Outlook emailing service was subjected to a man-in-the-middle (MITM) attack in China. This time the popular Outlook email service was allegedly hacked by Chinese authorities. The Outlook email service was not reachable in China over the weekend and according the to experts at the GreatFire organization, Chinese Government run a man-in-the-middle […]

Pierluigi Paganini December 10, 2014
POODLE SSL flaw is threatening also TLS Security Protocol

Researchers at Qualys revealed that POODLE is likely to hit some of the most popular websites because the flaw also affects implementations of newer TLS. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a critical vulnerability affecting SSL that was discovered in October 2014. The researchers at Google that discovered it, explained that the POODLE flaw is related […]

Pierluigi Paganini November 22, 2014
DoubleDirect MitM Attacks are targeting users worldwide

Security experts at Zimperium discovered a new MITM attack technique dubbed DoubleDirect that is targeting iOS, Android and Mac users worldwide. DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems. The DoubleDirect MitM attack allows attackers to hijack the victim’s traffic […]

Pierluigi Paganini October 31, 2014
ASUS Wireless Routers RT Series updates vulnerable to a Man in the Middle attack

The security expert David Longenecker discovered that the update process for ASUS Wireless Routers RT Series is vulnerable to Man-in-the-Middle attacks.  The security expert David Longenecker discovered that ASUS Wireless Routers RT Series are vulnerable to Man-in-the-Middle attacks. The researcher explained that that the routers download updates via HTTP without an encryption protocols as explained in the blog post by Longenecker. […]

Pierluigi Paganini October 21, 2014
100 million iCloud users spied by the Chinese Government

A report confirms that China is collecting private data of more that 100 million Apple iCloud users resident in the country with a man-in-the-middle attack. The Chinese Government has launched a new hacking campaign that is targeting Apple iCloud users in the country, the news was reported by the censorship watchdog GreatFire.org is a blog post. […]

Pierluigi Paganini October 15, 2014
POODLE attack on SSL menaces Internet, it’s time to disable it by default

The POODLE against SSL 3.0. A new attack on SSL is threatening the Internet again, it allows bad actors to decrypt traffic over secure channels. Another critical flaw affects one of the protocols most used to secure Internet traffic, Secure Sockets Layer (SSL) and attacker could exploit the attack dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption) to run a […]

Pierluigi Paganini October 02, 2014
China replies to Hong Kong protests with spyware, MITM and censorship

Security experts speculate that the Chinese government is using mobile spyware, MITM attacks and Internet monitoring to control Hong Kong protesters. In the last days I published the news regarding a spyware used to spy on activists in Hong Kong, a Fake Occupy Central app is targeting the smartphones of the activists belonging to the Occupy Central […]

Pierluigi Paganini September 08, 2014
CERT disclosed the list of most popular vulnerable Android apps

The CERT has published the results of its test conducted on popular Android applications that fail to properly validate SSL certificates. In several posts we have discussed about the improper validation of  SSL certificates made by mobile devices, recently we mentioned the case of the Gmail app for iOS devices which, according to an expert at mobile security […]

Pierluigi Paganini September 08, 2014
The Chinese Government runs MitM attack on Google users

The Chinese Government is running a MITM attack on SSL encrypted traffic between Chinese China Education and Research Network and Google. Google website, like many other web services, is blocked by the Chinese Government, which operate a rugged censorship on the Internet content. But block a resource like Google is anachronistic and counterproductive, for this reason, China allows […]