Reminder: some 2FA is susceptible to man-in-the-middle attacks; FIDO U2F is not.

Note, I helped design the security infrastructure for several organizations working in the Middle East and throughout Asia. After in-depth research this is what we've landed on. Wherever possible now I avoid everything except FIDO U2F.

FIDO U2F is a kind of 2FA, as are TOTP, SMS codes, etc. TOTP and SMS codes, however, are susceptible to MITM attacks. FIDO U2F is not. This is exacerbated as people are now putting their time-based codes in Bitwarden. I propose it doesn't matter because these codes are already not able to protect you from the most likely attack scenario, MITM...

FIDO U2F usually comes as a physical key, but... not all physical keys are U2F!!! Some only give off time-based codes or another type of code.

FIDO U2F is a different 2FA. The FIDO key code that is generated is computed in a handshake with the correct login page. Whenever possible, do not use TOTP or SMS codes. Use FIDO U2F.

It works like this: TOTP or SMS codes, non-U2F keys: A nefarious agent sends you to a fake email login, such as Google. Either using DNS poisoning or another mechanism, it looks like Google's login page. Because of DNS poisoning, the password app believes it to be true. The fake web page asks for your email and password and automatically tries them in Google; if a request for a code comes up, the fake login also prompts you for the code. The man in the middle simply passes these over, so the compromised server in the middle now has access to your email. The server in the middle then steals your information, or worse yet changes your password and disables 2FA. Many times, after the successful attack you are shown a "password incorrect, try again" message and are then passed over to the real Google web page, and your password works this time. You simply think something went wrong in the process. Meanwhile their server, the man in the middle, now has access to your email.

FIDO U2F is different. As stated, the FIDO key code is computed in a handshake with the correct login page. If the handshake fails, the web page doesn't get the second factor login. So, in our man-in-the-middle attack, the nefarious actor tries to get access to your email. DNS poisoning makes the password manager accept the fake login, and then the MITM sees Google wants a 2FA code. However, the U2F key does not survive the handshake with the fake login page, and the man in the middle cannot authenticate. If the MITM lets Google handle the handshake, only you


👍 46
📰 r/Bitwarden
👤 u/Der_Missionar
📅 Mar 07 2021
Is Telegram secret chat safe from man-in-the-middle attacks?
👍 8
📰 r/Telegram
👤 u/ExoticEuxantius
📅 Mar 14 2021
With PFOF and MM abilities, can Citadel use man-in-the-middle style attacks to borrow/return retail shares before the purchase hits an exchange?

Wouldn't that tactic allow them to not only be covering shorts (returning the "purchased" shares to the ETF/broker/etc it was borrowed from) and hedging any purchase, but would it also explain how they keep coming up with shares to short every day?

Shit's gotten real deep the past couple weeks and I think everyone looking at this is missing something, maybe something obvious.

👍 7
📰 r/GME
👤 u/sirron811
📅 Mar 26 2021
Why do people use Quicklisp although it is known to be vulnerable to man-in-the-middle attacks?

I am trying to decide whether or not I should use Quicklisp. This is an honest question.

In many articles on the internet, I see people using Quicklisp to obtain Common Lisp libraries. I am under the impression that it is the de-facto package manager for Common Lisp, and that it is widely used. I understand that it is a convenient tool, and will make it easy for me to obtain a wide variety of Common Lisp libraries. What I don't understand, however, is why it is so widely used when there is a huge and obvious security hole in it: it downloads over HTTP and does not verify certificates/checksums/signatures. This makes it susceptible to man-in-the-middle attacks. I don't understand why this is still tolerated in 2021.

Am I wrong? Am I just paranoid? I don't want my computer to be so easily compromised by this obvious security lapse in Quicklisp.

  • If I am wrong in avoiding Quicklisp, please provide some explanations/citations in order to put my fears to rest.
  • If I am correct in avoiding Quicklisp, I would like to know if there are alternative Common Lisp package managers that follow security best practices.

Thank you for your time.

👍 49
📰 r/lisp
👤 u/SteadyWheel
📅 Jan 30 2021
Someone is performing a man-in-the-middle attack or session hijacking. What can I do to stop both of these attacks? Please help. Thank you.

I think I got hacked. What can I do? Will factory resetting my modem fix these? Thank you. Last time my internet was telling my Chromebook to go to a captive portal, but I don't have one enabled. It said "the internet you are using may require you to log in", something like that. Thank you.

👍 6
📰 r/AskTechnology
👤 u/Bestifriend
📅 Mar 23 2021
I made an ARP Cache Poisoning tool that automatically sets up a Man-in-the-middle attack on a target host, intercepting its internet traffic. It only uses Python 3.x built-in libraries.

Initiating a Man-in-the-middle (MitM) attack usually requires setting up information on the target host and gateway, as well as executing the attack against each one individually. On top of that, doing this in Python is often portrayed as requiring third-party libraries in many books and tutorials out there.

This tool makes exclusive use of built-in Python 3.x libraries and automatically reads all the information required to initiate the attack, requesting from the user nothing but the target's IP address (as long as it belongs to the same network segment as the attacker, as is the case of any ARP spoofing attack).

Use this tool to assess the security controls implemented on your own networks, test Intrusion Detection Systems you may have set up or simply expand your knowledge on cybersecurity and Python programming in general.

This is a continuation of the building of a pure-Python tool set I announced previously with my Network Packet Sniffer. This time we make use of design patterns such as command and proxy, query networking information from kernel routing tables and perform the usual operations with ctypes.

The code is available on GitHub and open to pull requests. Make good use.

https://github.com/EONRaider/Arp-Spoofer

👍 826
📰 r/Python
👤 u/EONRaider
📅 Dec 06 2020
What is MAC layer Man in the Middle attacks on networks securecoding.com/blog/man…
👍 27
📰 r/netsecstudents
👤 u/BlindBaldEagle
📅 Feb 08 2021
Who is actually able to perform a man-in-the-middle attack?

I am reading about man-in-the-middle attacks. I was just wondering, who can actually do this?

I assume that a computer with a static IP can’t just request all IP packets sent from some IP address to another?

Is it always some physical attack like digging up optic fibres under your house or listening to the radio waves emitted by some WiFi box in a cafe?

Or is it some software trick?

Obviously if data is encrypted, the attacker can’t do much. I’m asking about how the data is even accessed in the first place

👍 49
📰 r/AskProgramming
👤 u/XiPingTing
📅 Dec 27 2020
How to perform the "Man in the middle" cyber Attack
👍 22
📰 r/disneyvacation
👤 u/stothers
📅 Dec 12 2020
Wyze Cam V2 is vulnerable to Man in the Middle attack on motion alert video uploads networkcamerabug.info/
👍 77
📰 r/wyzecam
👤 u/TheOneAfter9oh9
📅 Aug 26 2020
Unfixable Kubernetes Security Hole Means Potential Man-in-the-Middle Attacks thenewstack.io/unfixable-…
👍 4
📰 r/kubernetes
👤 u/CrankyBear
📅 Dec 08 2020
Kubernetes developers warn against internal man-in-the-middle attacks groups.google.com/g/kuber…
👍 14
📰 r/linux
👤 u/FryBoyter
📅 Dec 10 2020
Detect and Block Exploit Attempts for Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources

Read the blog here.

TL;DR

  • Kubernetes CVE-2020-8554 enables an attacker to intercept traffic from other pods (or nodes) in the cluster if the attacker can create or edit services and pods. This vulnerability was originally discovered almost a year ago, revealing a design flaw that affects all Kubernetes versions.
  • Exploiting this weakness requires at the minimum RBAC permissions to create, update or patch Service resources, specifically:
    • An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP.
    • An attacker that is able to patch the status.loadBalancer.ingress.ip field of a LoadBalancer service can intercept traffic to that IP.

What you can do about it:

  • At this point, CVE-2020-8554 does not have a software update that mitigates this issue. Users are advised to implement fine-grained access restrictions and can use RBAC policies and admission controllers such as this one, OPA Gatekeeper Constraint or others.
  • Scan Kubernetes audit logs for evidence of attempts to exploit this CVE. The creation of a new Service or the modification of an existing Service leaves traces in the audit log.
  • Monitor Kubernetes resources and entities for attempts at service creation or modification that allow attackers to intercept traffic.
  • Use admission controller policy logic to deny and alert on external-facing or unauthorized Ingress Controllers and Services.
👍 4
📰 r/docker
👤 u/alcideio
📅 Dec 14 2020
Detect and Block Exploit Attempts for Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources blog.alcide.io/kubernetes…
👍 4
📰 r/kubernetes
👤 u/alcideio
📅 Dec 09 2020
Detect and Block Exploit Attempts for Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources blog.alcide.io/kubernetes…
👍 3
📰 r/netsec
👤 u/alcideio
📅 Dec 14 2020
Hacking Django Websites: Man In The Middle Attack with video example and how to prevent highertier.com/2020/12/14…
👍 3
📰 r/django
👤 u/Snazzles
📅 Dec 14 2020
If you justify and support the riots and violence towards all police officers because of the senseless killing of an innocent man at the hands of a few bad cops, by that logic you should also support ISIS terrorist acts on innocents because of Western nations' attacks on innocents in the Middle East

I've been seeing multiple posts saying things along the lines of "I hope there's riots and police attacked, minorities keep being marginalized", and they get upvoted and comments in support of it, comments that oppose getting downvoted, until these posts eventually get purged by mods because they break sitewide policy, I guess of inciting violence. So I'm sure this is an unpopular opinion, especially since when I was saying this opinion, I got downvoted too.

Justifying hurting/injuring/killing innocent people or even generally causing havoc amongst the innocent because innocent people of your own were harmed by a few bad apples from the other group: this is what a lot of people are doing to justify the riots in the US right now, and it's the same justification ISIS and these terrorist groups used for their acts of terrorism. That the US and other western nations had come to their lands, bombed/killed/raped/pillaged from their people, and so they have a right to do the same back to us innocent folk here. So those of you who support the riots, do you agree with this too?

This isn't the dream MLK Jr was talking about, I'll leave it at that.

👍 138
📰 r/unpopularopinion
👤 u/IcyKnowledge7
📅 May 28 2020
How would you stop a Man-in-the-Middle attack in a Fantasy setting?

Inspired by The Wandering Inn's latest chapter, what would you do if you are the 5th Wall's Bastion-General? Assume you have all the resources that the Kingdom Rhir provides, the irregulars from the other kingdoms and the Champions that were isekai'd from Earth.

Backstory here and here, actual attack here. Don't worry, these all happen at the literal other side of the world from the main characters, and can be read as a standalone three-part story.

👍 22
📰 r/rational
👤 u/GaiusRed
📅 Jul 22 2020
Kirobo Launches Undo Button for Ethereum Transactions With Added Protection Against Man-in-the-Middle Attacks - Press Release digitaljournal.com/pr/487…
👍 6
📰 r/ethfinance
👤 u/BeerBellyFatAss
📅 Nov 12 2020
I keep trying to attack Iron Man in the middle of a melee!

Am I the only one that keeps trying to punch his machine face? LOL

My friend says I'm prejudiced against machines. That can't be truuuuue! Halp! T_T

👍 11
📰 r/PlayAvengers
👤 u/WoofWoofBearcub
📅 Sep 18 2020
Had $900 in Funds Stolen + $300 extra in man-in-the-middle attack. PayPal ruled AGAINST me. WTF can I do?

Woke up yesterday morning and found a real oddball transaction deposited in my account for $299.96 which I thought was super strange as I hadn't sold anything for that amount. Get further into my account and find out that was the only money I had in my account at all - I had about $900 in the account the night before after selling a few items.

I found out that, about 4 hours before I woke up, someone got in my account, switched the withdraw source to a prepaid card, took out ALL the funds I had, made two deposits from what I can tell is another hacked card, then withdrew one of those two ~$300 deposits to the same card.

I immediately filed a fraud request with PayPal. I also E-mailed the person with the hacked transactions in good faith so they knew what was going on, so my account then went $300 in the negative because both of their transactions were put on hold (One of those two, again, was still in the account).

PayPal just got back to me via email and ruled AGAINST ME FOR ALL OF IT. So I am not only out the $900 I lost, but the additional $300 that was sent to my account and withdrawn.

WTF am I supposed to do here? I recognize taking the funds out to a card makes it difficult for PayPal to do anything, but eating $1200 in losses is catastrophic for me, and I just can't wrap my head around how PayPal would make me eat every. single. cost. on this attack. I've done business with PayPal not for years but well over a decade and this may be what causes me to burn my bridge with them if I can't get even something figured out.

Thanks for listening to my rant - I'm beside myself and don't know what to do.

👍 11
📰 r/paypal
👤 u/mrstickball
📅 Aug 12 2020
BLUR attacks - Bluetooth critical vulnerability allowing for device impersonation, man-in-the-middle attacks, malicious session establishment with arbitrary devices, etc. hexhive.epfl.ch/BLURtooth…
👍 72
📰 r/netsec
👤 u/hongkong-it
📅 Sep 28 2020
Kirobo Launches Undo Button for Ethereum Transactions With Added Protection Against Man-in-the-Middle Attacks crweworld.com/article/new…
👍 2
📰 r/ethtrader
👤 u/HotMomentumStocks
📅 Nov 12 2020
Stubbing HTTP Response by Using Apple-Authorised Man-in-the-Middle Attack
👍 7
📰 r/iOSProgramming
📅 Oct 16 2020
Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack research.nccgroup.com/202…
👍 27
📰 r/netsec
👤 u/digicat
📅 Aug 24 2020
Potential man in the middle attack

Hi all,

A man in the middle attack has occurred and the origin is either my laptop, my colleague's laptop or my client's laptop.

I want to perform a full system scan using Bitdefender but it gets stuck at 34%. I left it running for 2 hours and 50 mins and it didn't move from 34%.

Called customer services and their response time is 24 to 48 hours which is sadly too long.

Can anyone help?

👍 7
📰 r/BitDefender
👤 u/Akali35
📅 Jul 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 21
📰 r/Cyberpunk
👤 u/alxledante
📅 Aug 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 22
👤 u/alxledante
📅 Aug 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 25
👤 u/alxledante
📅 Aug 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 7
📰 r/CyberHelmet
👤 u/alxledante
📅 Aug 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 13
👤 u/alxledante
📅 Aug 25 2020
OC - Hacker with Gorgon Helmet by me 2019. when you need to launch a man in the middle attack, or even just sniff some packets, accept no substitutes...
👍 11
📰 r/SpecArt
👤 u/alxledante
📅 Aug 25 2020
What is a Man-in-the-Middle Attack (MitM) and how to Prevent it ctemplar.com/what-is-a-ma…
👍 5
📰 r/ctemplar
👤 u/CTemplar-Official
📅 Sep 03 2020
How To Perform A Man-In-The-Middle(MITM) Attack Using Ettercap in Kali Linux
👍 2
📰 r/ethicalhacking
👤 u/myteachworld
📅 Sep 12 2020
Detect and Block Exploit Attempts for Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources

👍 6
📰 r/devops
👤 u/alcideio
📅 Dec 14 2020
Stubbing HTTP Response by Using Apple-Authorised Man-in-the-Middle Attack
👍 3
📰 r/Xcode
📅 Oct 16 2020
