The Community for Technology Leaders
Green Image
Issue No. 01 - January/February (2009 vol. 7)
ISSN: 1540-7993
pp: 78-81
Marco Ramilli , University of Bologna
Walter Cerroni , University of Bologna
Franco Callegati , University of Bologna
ABSTRACT
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are!
INDEX TERMS
WEB security, HTTPS, self-signed certificate, ARP poisoning, DNS spoofing, man in the middle, MITM, Address Resolution Protocol, Domain Name System
CITATION
Marco Ramilli, Walter Cerroni, Franco Callegati, "Man-in-the-Middle Attack to the HTTPS Protocol", IEEE Security & Privacy, vol. 7, no. , pp. 78-81, January/February 2009, doi:10.1109/MSP.2009.12
104 ms
(Ver )