man-in-the-middle – Page 34

Would a public DNS help secure downloads over an unsecure connection?

Posted on July 27, 2020 by user942937

I am downloading large files with their checksums/hashes on a Linux machine with the DNS manually setup to use a publicly available trusted DNS, e.g., Google’s 8.8.8.8 since I am aware that DNS can be spoofed to possibly host a compromised… Continue reading Would a public DNS help secure downloads over an unsecure connection?→

Is my VPN traffic really being routed through all these strange networks? [closed]

Posted on July 25, 2020 by Case39

I use the client of a reputed paid VPN company. With each server location I connect to, the log tells me I am instead connecting to networks completely unrelated to the company and the country of the VPN location. But when I check my exter… Continue reading Is my VPN traffic really being routed through all these strange networks? [closed]→

ASUS Home Router Bugs Open Consumers to Snooping Attacks

Posted on July 23, 2020 by Tara Seals

The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router. Continue reading ASUS Home Router Bugs Open Consumers to Snooping Attacks→

Protecting a website from being kidnapped

Posted on July 23, 2020 by George

I have a MediaWiki website in Hebrew;
As common with MediaWiki websites, it has lots of content and rebuilding it in case of a disaster isn’t feasible.
I chose to give that website a Global TLD (a non Israeli X.il TLD) because:

Currently,… Continue reading Protecting a website from being kidnapped→

Is the perfect MITM attack possible?

Posted on July 20, 2020 by user12067300

Let’s imagine a data link layer level MITM attack. Is it possible to fulfill all of the following points?

you completely hide your identity by forging your own MAC address
you create malformed packets, so the router doesn’t even know you … Continue reading Is the perfect MITM attack possible?→

Facebook app MITMs web requests? [closed]

Posted on July 20, 2020 by alex10791

I have noticed requests to my server coming from Facebook and I am a bit worried about what’s going on. I have correlated some with Instagram URL previews, but if this is the case, I wonder whether or not Facebook/Instagram is man-in-the-m… Continue reading Facebook app MITMs web requests? [closed]→

Full disk encryption and remote unlocking a mail server in the hand of a possible attacker, what could go wrong?

Posted on July 20, 2020 by Polizi8

Since I cannot receive email directly from my home server, I need an external device to receive messages for me and deliver them to my MTA via another port or via VPN. Instead of renting a VPS just for this, I was thinking about purchasing… Continue reading Full disk encryption and remote unlocking a mail server in the hand of a possible attacker, what could go wrong?→

Certificate validation details. How it’s done? [closed]

Posted on July 15, 2020 by Tom.Sawyer

I’ve read this post where it says:

"…an attacker can still take the whole signed content and present it
to you but won’t be able to change any details or the signature won’t
match."

How does the browser validate the details … Continue reading Certificate validation details. How it’s done? [closed]→

Detecting a web based MITM attack?

Posted on July 15, 2020 by paul

I’ve been looking into ways to detect a Man In the Middle attack, when the client has "duped" into trusting third party CA. Examples of this are, anti-virus applications and corporate firewalls who are now installing their own c… Continue reading Detecting a web based MITM attack?→

Server SSH fingerprint verification when authenticating with private key

Posted on July 14, 2020 by user238349

Assume I passed on my public key to a service provider for them to set up a "new" server and configure it for private key authentication (instead of root password).
Is the server fingerprint verification during my initial connect… Continue reading Server SSH fingerprint verification when authenticating with private key→