WebApp Sec mailing list archives

Active Man in the Middle Attacks


From: Adi Sharabani <adishar () gmail com>
Date: Mon, 2 Mar 2009 18:07:44 +0200

Hello,

We have recently discovered a new type of web attack which could be
initiated in a man-in-the-middle scenario (or by leveraging DNS
Pinning techniques). The attack, which we call the Active MitM attack,
allows an attacker to gather sensitive information from the past, such
as cookies (surf jacking) and auto-completion information, but also to
affect the future by poisoning the victim’s cache and cookies, and
penetrating local networks that will ever be used by the victim. One of
the results of the research is that VPN is not good enough for the
application layer, and by using Active techniques a MitM would be able
to access any web resource within any internal network, even if not
accessible from the public net, and even if the victim does not
actively use it.

The full technical details of the attack can be found at:
  http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html

In the above work, we have tried to articulate a problem with the
current design of the web rather than dealing with implementation bugs
such as browser exploits which allow the execution of malware on
the victim’s machine.

Best Regards,
-Adish

Adi Sharabani
Security Research Group Manager
Rational Application Security


