In Conclusion

By Pat McKenna, published on March 28, 2006
Source: Tom's Guide US

11. In Conclusion

There are some in the security business who advocate that strong passwords will solve most of the difficulties associated with identity management and authenticating users. But all of the previously mentioned attacks will break any password that is entered without being enciphered. Others advocate using Two Factor Authentication (covered next in the series), but even that is susceptible to the MITM attack.

With this information in hand, take a fresh and critical look at that login page when you next use it. You will be able to make your own mind up about the level of security afforded to you by your site administrator. This is particularly true in cases where you are parting with sensitive information.

So, you may ask, what can I do? Actually, not all that much. You can be wary of certificates, look out for malicious software on your computer, and so on. In the end, however, it is up to the security industry to create solutions that go to the roots of these problems, and systems administrators to implement those solutions and get ordinary users to employ them. There are many initiatives in progress to protect against these attacks, but not everyone has access to them yet. In the meantime, beware!

Pat McKenna is a security consultant and CTO with 2SA Plus, a company specializing in Two Factor Authentication and matters of Identity Management. He is 45 and has been in the IT business for 15 years, during which he has held many positions, including company director. Prior to a career in IT, he worked in the security & intelligence field. He is proficient with many computer languages, old and new, and has trained hundreds of programmers. His hobbies are chess and penetration testing (aka ethical hacking).
