Monday, September 15, 2014

NO MORE!! Man-In-The-Middle attacks in Firefox

The latest Firefox implements support for public-key pinning. This newly added feature validates the authorization of a server based on an internal list of trusted certificates. Secure communication is accomplished by encrypting the data based on a digital certificate, which can be issued by any Certificate Authority (CA), and then verifying the identity of the service. In the past, cybercriminals have obtained forged certificates, getting a valid SSL certificate for a domain by deceiving a CA. Another way of getting such a certificate is to hack into a CA's systems and have it issued on the CA's behalf. The latest Firefox wipes out these risks through public-key pinning: the digital certificate of the website is compared with the certificate present in the browser, and the two must match for communication to proceed.
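The pin comparison described above, as an added example that is not code from the post or from Firefox: it extracts the public key from each certificate in a chain and accepts the chain only if one key is in the pin set. It assumes pins are stored as base64 SHA-256 hashes of the SubjectPublicKeyInfo; the function names and the sample certificates are hypothetical and constructed for the example.

```python
import base64, hashlib

def read_tlv(buf, off):
    """Parse one DER element at off: (tag, whole element, content, next offset)."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:end], buf[pos:end], end

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) for one DER certificate."""
    _, _, cert, _ = read_tlv(cert_der, 0)   # Certificate
    _, _, tbs, _ = read_tlv(cert, 0)        # tbsCertificate
    tag, _, _, nxt = read_tlv(tbs, 0)
    off = nxt if tag == 0xA0 else 0         # skip optional [0] version
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, _, off = read_tlv(tbs, off)
    _, spki, _, _ = read_tlv(tbs, off)
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def chain_is_pinned(chain_der, pins):
    """Accept only if some certificate in the chain carries a pinned key."""
    return any(spki_pin(c) in pins for c in chain_der)

# --- Constructed sample data: DER skeletons, not real signed certificates ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths only (< 128)

def fake_cert(subject, issuer, key):
    spki = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03")) + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + tlv(0x30, tlv(0x0C, issuer)) + tlv(0x30, b"")
              + tlv(0x30, tlv(0x0C, subject)) + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

pinned_ca = fake_cert(b"Pinned CA", b"Pinned CA", b"CA-KEY-A")
other_ca = fake_cert(b"Other CA", b"Other CA", b"CA-KEY-B")
good_chain = [fake_cert(b"site", b"Pinned CA", b"SITE-KEY"), pinned_ca]
# Same site name, different key, issued by a CA that is trusted but not pinned.
forged_chain = [fake_cert(b"site", b"Other CA", b"FORGED-KEY"), other_ca]
PINS = {spki_pin(pinned_ca)}

if __name__ == "__main__":
    print("good chain accepted:", chain_is_pinned(good_chain, PINS))
    print("forged chain accepted:", chain_is_pinned(forged_chain, PINS))
```

The forged chain would pass ordinary CA validation if "Other CA" is in the trust store; it is the pin check that rejects it.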

