May 21, 2013

Apple Releases iTunes 10.5.1 to Fix Man-in-the-middle Vulnerability

(LiveHacking.Com) - Apple has released iTunes 10.5.1 to fix a potentially dangerous man-in-the-middle vulnerability. According to the iTunes 10.5.1 security advisory, a hacker using a man-in-the-middle attack could offer software to end users that appears to originate from Apple. This, of course, would be a way to infect a computer with malware. The vulnerability exists in iTunes for Windows and for OS X.

iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user’s default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user’s default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.

The vulnerability was reported to Apple by Francisco Amato of Infobyte Security Research.

iTunes 10.5.1, which is available for Mac OS X v10.5 or later, Windows 7, Vista and XP SP2 or later, also introduces iTunes Match. Announced earlier this year, this new service allows users to store their entire music library in iCloud, including music that has been imported from CDs.

 

Missing Dots in Email Addresses Allow Security Researchers to Catch 120,000 Messages

(LiveHacking.Com) - Security researchers have captured thousands of emails by buying domains for commonly mistyped email addresses. Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages. These emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.

According to researchers Peter Kim and Garret Gee of the Godai Group, around 30% of the top 500 companies in the US were vulnerable to this data leak.

The problem arises because of the way some organisations set up their email systems. Most companies use a single domain for all email, but some use subdomains. So rather than just user@bank.com the company has set up us.bank.com for its USA employees and uk.bank.com for its UK employees and so on.

By buying domains like usbank.com and ukbank.com the researchers were able to catch emails that were addressed to user@us.bank.com but, due to a typing error, were sent to user@usbank.com (without the dot after ‘us’).

Rather than getting an email back reporting the mistyped address, the email in fact went to the researchers. From there the email was forwarded to the correct address but with a bogus reply address so that the researchers could capture all the replies as well. This is what is known as a man-in-the-middle attack, or more specifically for email a man-in-the-mailbox attack.

Writing on the blog of security firm Sophos, Mark Stockley said: “It’s striking that the researchers managed to capture so much information by focusing on just one common mistake. A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos.”
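A defender can turn the same observation into an outbound mail check. The following is an added example, not code from the researchers or from the original article: it derives the missing-dot look-alike for each of an organisation's mail subdomains and flags recipients addressed to one. The subdomain list, the sample recipients and the function names are constructed for illustration, and it assumes a single-label TLD such as .com.

```python
"""Flag outbound mail addressed to "missing dot" look-alikes of our own subdomains."""

# Constructed sample data based on the article's bank.com illustration.
MAIL_SUBDOMAINS = ["us.bank.com", "uk.bank.com"]
OUTBOUND_RECIPIENTS = [
    "alice@us.bank.com",   # correct address
    "bob@usbank.com",      # dot dropped
    "Carol@UKBANK.com",    # dot dropped, mixed case
    "dave@example.org",    # unrelated domain
    "not-an-address",      # malformed entry, must be skipped
]


def doppelganger_map(subdomains):
    """Map each dot-dropped look-alike (usbank.com) to the intended domain (us.bank.com)."""
    lookalikes = {}
    for fqdn in subdomains:
        labels = fqdn.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain label, so there is no dot to drop
        # Merge the subdomain label into the registered name.
        # Assumption: single-label TLD; suffixes like .co.uk need a public-suffix list.
        merged = labels[:-3] + [labels[-3] + labels[-2], labels[-1]]
        lookalikes[".".join(merged)] = ".".join(labels)
    return lookalikes


def check_recipients(recipients, lookalikes):
    """Return (address, intended_address) for every recipient at a look-alike domain."""
    hits = []
    for addr in recipients:
        addr = addr.strip()
        local, sep, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        if sep and domain in lookalikes:
            hits.append((addr, f"{local}@{lookalikes[domain]}"))
    return hits


if __name__ == "__main__":
    table = doppelganger_map(MAIL_SUBDOMAINS)
    for sent_to, intended in check_recipients(OUTBOUND_RECIPIENTS, table):
        print(f"look-alike recipient {sent_to}; probably meant {intended}")
```

The look-alike domains returned by `doppelganger_map` are also the candidates to register defensively or to block at the outbound mail gateway.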