Pages

Banner 468 x 60px

 

Thursday, January 27

Man in the browser (MITB) attacks

1 comments
Man-in-the-Browser (MitB), a form of Internet threat related to Man-in-the-Middle (MitM), is a trojan that infects a web browser and has the ability to modify pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place. The only way to counter a MitB attack is by utilising transaction verification.


The MitB Trojan works by utilising common facilities provided to enhance Browser capabilities such as Browser helper Objects, Extensions and User scripts etc., and is therefore virtually undetectable to virus scanning software.

One of the most effective methods in combating a MitB attack is through an out-of-band Transaction verification process. This overcomes the MitB Trojan by verifying the transaction details, as received by the host (bank), to the user (customer) over a channel other than the browser; typically an automated telephone call. OOB Transaction Verification is ideal for mass market use since it leverages devices already in the public domain (e.g. Landline, Cell Phone, etc) and requires no additional hardware devices yet enables Three Factor Authentication (utilising Voice Biometrics), Transaction Signing (to non-repudiation level) and Transaction Verification.

1 comment:

felisha green said...

If you ever want to change or up your university grades contact cybergolden hacker he'll get it done and show a proof of work done before payment. He's efficient, reliable and affordable. He can also perform all sorts of hacks including text, whatsapp, password decrypt,hack any mobile phone, Escape Bancruptcy, Delete Criminal Records and the rest

Email: cybergoldenhacker at gmail dot com


Post a Comment