Sometimes, worrying about man-in-the-middle attacks is not just paranoia

I have a friend who is seriously concerned about man-in-the-middle attacks on his communications.  He uses digital signatures on all of his e-mails. I generally reciprocate, and I will again once Outlook 2013 on Windows 8 stops crashing when I try to sign outgoing e-mails.  (The workaround is to run Outlook 2013 as Administrator.  I do not routinely do that, ever, especially since I can no longer force all e-mail viewing as plaintext by default and the junk mail filter is not working.)

Unfortunately, man-in-the-middle attacks are alive and well. They are used not so much to interfere with or eavesdrop on e-mail as to redirect nearly all of our Internet connection setups through a malicious DNS server in a way where

  • we won’t notice
  • a counterfeit destination service can be substituted for one that is important to us and for which secure, private access is critical
  • and while it may lead to identity theft, it can also be used for selective, unnoticed surveillance of traffic to particular destinations.

If you operate your computer and access the Internet from behind a residential router (whether Wi-Fi or the wired LAN that some of us have, even if it serves only one or two computers, Kindles, or smartphones), there is an active man-in-the-middle exploit that uses a poisoned web page to take control of your router just enough to change the DNS server that is used to resolve non-numeric Internet addresses (all of those http://www.example.com thingies).  That puts a rogue DNS server quietly in the middle of almost all of your web accesses, and those of your desktop/laptop/tablet/smartphone applications, whenever they reach the Internet via your home Wi-Fi or wired connection.

Jakob Lell has published a splendid analysis of the current attack and how it works. 

Without suffering through the details, there are some simple and valuable mitigations:

  1. Whenever you use your browser to directly access the administrative interface of the router that bridges your devices to the Internet, have no other tabs open in your browser and always close your browser when done.  Also, do not let your browser retain the administrative password to your router.
  2. Change the administrative password to your router.  Never use the default password (often none) that the router is set with at the factory.
  3. If you know how, check that the DNS addresses that your router will use are those specified by your Internet Service Provider and none others.
  4. Finally, if you or your family IT expert knows how to do it properly, have your router configured to give your computer(s) addresses outside the 192.168.1.y family, choosing from the other ranges that are reserved for local use and not routed on the public Internet.  It is best to avoid setting the router's own address and those of your connected devices in any 192.168.x.y series altogether.
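A small audit that mechanizes mitigations 3 and 4 from the list above, written for this post as an added example (it is not code from the original article or from Jakob Lell's analysis). It takes the resolver list a machine received from its router, in the resolv.conf format Linux and macOS use, plus the gateway address and the resolver addresses your ISP documents, and reports anything that deserves a look in the router's admin interface. The resolv.conf text, the gateway address and the ISP resolver set are constructed sample values, not anyone's real configuration.

```python
import ipaddress

# Constructed sample: what resolv.conf might hold on a machine that took its
# settings from the home router via DHCP (assumed values for illustration).
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
search home.example
nameserver 192.168.1.1
nameserver 198.51.100.53
"""

# Constructed: the resolver addresses your ISP publishes (assumed values).
ISP_DNS_SERVERS = {"203.0.113.1", "203.0.113.2"}

# Constructed: the default gateway the router handed out (assumed value).
SAMPLE_GATEWAY = "192.168.1.1"

# Address blocks reserved for local use and not routed on the public Internet.
PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
# The range the post recommends avoiding for the router and its LAN.
DISCOURAGED_LAN_RANGE = ipaddress.ip_network("192.168.0.0/16")


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments and malformed entries are ignored; addresses are normalized.
    """
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # not an IP address; skip rather than guess
    return servers


def classify_nameserver(addr, gateway, isp_servers):
    """Say what kind of resolver an address is, relative to this LAN."""
    ip = ipaddress.ip_address(addr)
    if addr == gateway:
        # The router is forwarding DNS; its upstream servers live in its admin UI.
        return "router-forwarder"
    if any(ip in net for net in PRIVATE_RANGES):
        return "local"
    if addr in isp_servers:
        return "isp"
    return "unexpected"


def audit(resolv_conf_text, gateway, isp_servers):
    """Return human-readable findings; an empty list means nothing to check."""
    findings = []
    for server in parse_nameservers(resolv_conf_text):
        kind = classify_nameserver(server, gateway, isp_servers)
        if kind == "unexpected":
            findings.append(
                f"nameserver {server} is not one of the ISP's resolvers: "
                "verify the DNS servers configured in the router"
            )
        elif kind == "router-forwarder":
            findings.append(
                f"nameserver {server} is the router itself: "
                "check its upstream DNS servers in the admin interface"
            )
    if ipaddress.ip_address(gateway) in DISCOURAGED_LAN_RANGE:
        findings.append(
            f"gateway {gateway} is in 192.168.0.0/16, the default range "
            "the post recommends moving away from"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESOLV_CONF, SAMPLE_GATEWAY, ISP_DNS_SERVERS):
        print("-", finding)
```

On a real machine, replace SAMPLE_RESOLV_CONF with the contents of /etc/resolv.conf, SAMPLE_GATEWAY with the gateway shown by `ip route` or `netstat -rn`, and ISP_DNS_SERVERS with the addresses from your ISP's documentation. A resolver that the script reports as "unexpected" is exactly the symptom the post describes, and the fix is made in the router's administrative interface, not on the client.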

Are we having fun yet?
