Recently I came across an interesting article from abroad about the “man-in-the-middle attack”. I had intended to translate the original text in full, but it contains a lot of politically sensitive content that is not advisable to publish on this site, so only the technology-related part is extracted here for everyone to explore.
Starting at about 8:00 am on January 26, Chinese users on Sina Weibo and Twitter reported an invalid SSL certificate warning when visiting the GitHub.com website. Subsequent evidence showed that this was caused by a “man-in-the-middle attack”.
What is a man-in-the-middle attack?
First, the definition from Wikipedia:
In cryptography and computer security, a man-in-the-middle attack (commonly abbreviated MITM) is one in which the attacker establishes independent connections with the two victims and relays the messages exchanged between them, making the two parties believe they are talking to each other directly over a private connection, when in fact the entire session is fully controlled by the attacker. In a man-in-the-middle attack the attacker can intercept the communication between the two parties and insert new content.
That is the theoretical explanation; here is a more popular one:
Suppose Alice wants to communicate with Bob. Meanwhile, Mallory tries to intercept the session to eavesdrop, and may also send false messages to Bob at some point.
1. Alice sends a message to Bob, and it is intercepted by Mallory:
Alice “Hey, Bob, I am Alice. Give me your public key” -> Mallory Bob
2. Mallory forwards this intercepted message to Bob; at this point Bob cannot tell whether the message really came from Alice:
Alice Mallory “Hey, Bob, I am Alice. Give me your public key” -> Bob
3. Bob responds to Alice’s message, attaching his public key:
4. Mallory replaces Bob’s public key with his own key and forwards the message to Alice, claiming this is Bob’s public key:
5. Alice encrypts her message with what she believes to be Bob’s public key, thinking that only Bob can read it:
Alice “Meet me at the bus stop!” – [encrypted with Mallory’s public key] -> Mallory Bob
6. However, since this message was actually encrypted with Mallory’s key, Mallory can decrypt it, read it, and modify it as he wishes, then re-encrypt it with Bob’s key and forward the re-encrypted message to Bob:
Alice Mallory “Wait for me at home!” – [encrypted with Bob’s public key] -> Bob
7. Bob believes this message came from Alice over a secure transmission channel.
As you can see, when you are the target of a man-in-the-middle attack, your traffic is intercepted by the attacker even if the transfer protocol is encrypted. For example, if you use the wireless network in an Internet cafe or coffee shop and that network has been tampered with so that a man in the middle has hijacked it, then your email and Weibo passwords, the passwords you use for online payments, the content of the emails you send, your QQ chat records ... can all be intercepted by the attacker. The article mentioned above said that this man-in-the-middle attack on GitHub.com probably lasted about an hour, and the passwords of people who logged in to GitHub.com during that hour may have been recorded.
Man-in-the-middle attacks can be detected
Most browsers will notice an anomaly in the SSL certificate when accessing a site over HTTPS and warn you that the site’s security certificate is not trusted, as shown in the figure, in a very eye-catching way. If you use Firefox, Google Chrome, Safari or another modern browser, this warning page appears every time an anomaly occurs; if you use the IE browser, it only reminds you the first time.
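The seven-step exchange above and the certificate check a browser performs at step 4, simulated in Python as an added example (not code from the original article or from Wikipedia). It uses textbook RSA on tiny constructed primes; the key pairs, fingerprints, trust set and messages are all constructed for the demo and assume nothing beyond the steps in the text.

```python
import hashlib

def keygen(p, q, e):
    """Textbook RSA from two small primes: returns ((n, e), (n, d)).
    Constructed toy parameters for the demo; they offer no real security."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

BOB_PUB, BOB_PRIV = keygen(61, 53, 17)        # n = 3233, d = 2753
MALLORY_PUB, MALLORY_PRIV = keygen(53, 59, 3)  # n = 3127, d = 2011

def encrypt(pub, text):
    n, e = pub
    return [pow(ord(c), e, n) for c in text]   # one block per character

def decrypt(priv, blocks):
    n, d = priv
    return "".join(chr(pow(b, d, n)) for b in blocks)

def fingerprint(pub):
    """Stand-in for the certificate fingerprint a client already trusts."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def exchange(message, mallory_on_path, alice_trusts=None):
    """Steps 1-7 from the text. Returns (what Bob reads, what Mallory reads,
    detected). alice_trusts is a set of trusted fingerprints (the browser's
    certificate check); None means Alice accepts whatever key arrives."""
    # Steps 1-3: Alice asks for Bob's key; Bob answers with his public key.
    presented = BOB_PUB
    # Step 4: on the path, Mallory swaps in his own key and relays the reply.
    if mallory_on_path:
        presented = MALLORY_PUB
    # Detection: the key that arrived is not one Alice trusts -> warn and stop.
    if alice_trusts is not None and fingerprint(presented) not in alice_trusts:
        return None, None, True
    # Step 5: Alice encrypts with the key she believes is Bob's.
    blocks = encrypt(presented, message)
    mallory_read = None
    if mallory_on_path:
        # Step 6: Mallory decrypts, alters the text, re-encrypts for Bob.
        mallory_read = decrypt(MALLORY_PRIV, blocks)
        blocks = encrypt(BOB_PUB, mallory_read.replace("at the bus stop", "at home"))
    # Step 7: Bob decrypts and believes the message came from Alice.
    return decrypt(BOB_PRIV, blocks), mallory_read, False

if __name__ == "__main__":
    print(exchange("Meet me at the bus stop!", True))
    print(exchange("Meet me at the bus stop!", True, {fingerprint(BOB_PUB)}))
```

The third return value is the equivalent of the browser warning page: with a trusted fingerprint on record, the substituted key is rejected before Alice encrypts anything.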
The article also tested the “360 Safe Browser”, which has a 27% share of China’s domestic market: the first visit to a website with a forged SSL certificate produces a warning, but on the second visit it shows the green “passed website certification” mark! [sweat]
Reading this in a foreign-language article made me, as a Chinese, blush. Calling itself a “security” browser, of all names, is nothing but talk. Fortunately, I have never used the “domestic” browsers from 360, Sogou, Baidu and so on.