Slashdot Mirror


Google Chrome Will Soon Detect Man-in-the-Middle Attacks (bleepingcomputer.com)

An anonymous reader writes: Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.... Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect. The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying -- and failing -- to intercept the user's web traffic. This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won't show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.
Chrome 63 is set for release on December 5, but users can already test it by enabling it in the Google Chrome dev branch.
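
The burst heuristic the summary describes (many certificate errors in a short timespan), sketched as an added example that is not Chrome's code and not part of the original post. The log format, the 30-second window, the thresholds and the distinct-host requirement are assumptions chosen for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log, one connection per line: "timestamp host result".
# The format is an assumption; the ERR_CERT_* names are Chrome net error strings.
SAMPLE_LOG = """\
2017-09-10T10:00:01 mail.example.com OK
2017-09-10T10:00:03 shop.example.net ERR_CERT_AUTHORITY_INVALID
2017-09-10T10:00:04 news.example.org ERR_CERT_AUTHORITY_INVALID
2017-09-10T10:00:06 bank.example.com ERR_CERT_AUTHORITY_INVALID
2017-09-10T10:00:09 cdn.example.net ERR_CERT_COMMON_NAME_INVALID
2017-09-10T10:05:00 old.example.org ERR_CERT_DATE_INVALID
"""

def parse(log):
    """Yield (timestamp, host, result) tuples from the constructed log format."""
    for line in log.splitlines():
        if line.strip():
            ts, host, result = line.split()
            yield datetime.fromisoformat(ts), host, result

def find_bursts(events, window=timedelta(seconds=30), min_errors=3, min_hosts=3):
    """Return one (first_error, detected_at, hosts) tuple per burst of cert errors.

    Events must be in time order. Requiring several distinct hosts (an
    assumption) keeps one misconfigured site from looking like interception.
    """
    recent = deque()   # certificate errors still inside the sliding window
    bursts = []
    alerting = False   # True while the current burst has already been reported
    for ts, host, result in events:
        if not result.startswith("ERR_CERT_"):
            continue
        recent.append((ts, host))
        while ts - recent[0][0] > window:
            recent.popleft()
        hosts = sorted({h for _, h in recent})
        if len(recent) >= min_errors and len(hosts) >= min_hosts:
            if not alerting:
                bursts.append((recent[0][0], ts, hosts))
            alerting = True
        else:
            alerting = False
    return bursts

if __name__ == "__main__":
    for first, detected, hosts in find_bursts(parse(SAMPLE_LOG)):
        print(f"possible interception: {first} .. {detected} on {hosts}")
```
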

6 of 86 comments

  1. Firefox as well please by jonwil · Score: 4, Insightful

    This is one Chrome feature I wish Firefox (and browsers that use the same codebase) WOULD copy.

  2. error cause by bugs2squash · Score: 3, Insightful

    I don't see why MITM attacks intended to capture information would cause SSL errors. I could see there being errors while breaking into an existing connection or poisoning ARP or whatever nefarious tricks are used to force the traffic through the MITM, but surely Mallory is smart enough not to mangle the messages he wants to intercept and preserve, and besides, I always thought the SSL connections between the victims and the MiTM were pristine, normal SSL connections in their own right. Maybe I suppose if they wanted to modify content on the way through, but even then maybe an application layer error, not an SSL issue. Enlighten me...

    --
    Nullius in verba
  3. Re: Hotel Wifi by Monster_user · Score: 3, Insightful

    Typically have to agree to the wifi before the router will allow ANY traffic, including VPN traffic.

  4. Re:Hotel Wifi by KiloByte · Score: 4, Insightful

    >Will this further break hotel wifi?

    Nope, that hotel wifi is already broken.

    >It is irritating enough as it is, with my web browsers screaming about invalid certificates and possible MitM attacks when simply trying to pull up a Wifi login screen.

    Because it is a MitM attack? The motive isn't relevant here: the hotel tries to intercept your SSL session and present you something that isn't your intended destination.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  5. Re:There goes the corporate market. by CrankyFool · Score: 3, Insightful

    I work in a Fortune 500 company. They don't MITM all (or, hell, any) encrypted traffic. I question your assertion that this is required by legal requirements. We're a PCI Level 1 provider; we're covered by SOX. No MITM. What evidence do you have that this is "required"?

  6. Re:Hotel Wifi by ShakaUVM · Score: 1, Insightful

    >Because it is a MitM attack?

    Yes, I know it is. And if the browser would let me go to the damn page, I could get rid of it.

    >Nope, that hotel wifi is already broken.

    Yes, it is. But it's not a security threat either.