This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. You can access the new platform at https://opencasebook.org. Thank you.

1.3.3 DNS and Man-in-the-Middle Attacks

by Jack Goldsmith and a Berkman Center Cybersecurity Team Show/Hide
The DNS translates domain names into IP addresses. There is a whole family of vulnerabilities in which the DNS on one’s computer can be fooled in accepting different IP addresses for a given domain, allowing adversaries to extract information under the pretence of a trusted site. Such vulnerabilities including cache poisoning, packet sniffing, and session hijacking. In a similar fashion, Man-in-the-Middle attacks can cause users to disclose sensitive information without being aware of a third-party’s involvement in the transfer of data. EDIT PLAYLIST INFORMATION DELETE PLAYLIST

Edit playlist item notes below to have a mix of public & private notes, or:

MAKE ALL NOTES PUBLIC (3/3 playlist item notes are public) MAKE ALL NOTES PRIVATE (0/3 playlist item notes are private)
  1. 1 Show/Hide More Bruce Schneier, Lessons from the DNS Bug: Patching Isn’t Enough, Wired, Jul 23, 2008
    This article discusses a DNS bug discovered in 2008 and argues that designing systems with a security mindset would account for vulnerabilities before they surface, rather than the retroactive engineering of patches.
  2. 2 Show/Hide More Callegati, F., Man-in-the-Middle Attack to the HTTPS Protocol, Security & Privacy, IEEE, 2009
    The man-in-the-middle attack exploits the fact that the HTTPS server (a protocol which guarantees privacy and security in transactions) sends a certificate with its public key to the Web browser. If this certificate isn’t trustworthy, the entire communication path is vulnerable. This article demonstrates how attackers can successfully intercept the data transfer and corrupt the safety of the communication.
  3. 3 Show/Hide More Seth Schoen, The Message of Firesheep:”Baaaad Websites, Implement Sitewide HTTPS Now!”, EFF, Oct 29, 2010
    Firesheep, a software taking advantage of packet sniffing and cookie stealing to hijack sessions on websites such as Facebook and Paypal while using the same network as the victim’s, has caused much discussion regarding the need to implement HTTPS universally across session-based platforms.

Playlist Information

May 21, 2013

Author Stats

Jack Goldsmith and a Berkman Center Cybersecurity Team

Other Playlists by Jack Goldsmith and a Berkman Center Cybersecurity Team

Find Items

Search below to find items, then drag and drop items onto playlists you own. To add items to nested playlists, you must first expand those playlists.

Leitura Garamond Futura Verdana Proxima Nova Dagny Web
small medium large extra-large