DHS

US-CERT issued an alert today stressing the importance of implementing end-to-end security.

“Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks”.

“Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack. That same code can be employed to deliver an exploit for a particular vulnerability or to take other arbitrary actions”.

The US-CERT recommendations to disrupt MITM attacks:

  • Use at least TLS version 1.1 (1.0 being vulnerable to SSL fallback)
  • Enable certificate pinning
  • Implement DANE (DNS-based Authentication of Named Entities)
  • Use network notary servers
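The first two recommendations, combined in a client, look like this. It is an added example, not code from the US-CERT alert. The function names are hypothetical, the pin is a SHA-256 over the whole leaf certificate, and the protocol floor is set to TLS 1.2, which satisfies the "at least 1.1" advice.

```python
import hashlib
import hmac
import socket
import ssl


def hardened_context():
    """Client context: CA and hostname verification on, TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    # Assumption: floor chosen as TLS 1.2 (meets the "at least 1.1" advice).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_ok(der_cert, pins):
    """True if the certificate matches any pinned fingerprint."""
    if not der_cert:
        return False  # no certificate presented: fail closed
    seen = fingerprint(der_cert)
    # Build the full list first so every pin is compared.
    return any([hmac.compare_digest(seen, p.lower()) for p in pins])


def connect_pinned(host, pins, port=443, timeout=10):
    """Open a TLS connection; close it and raise if the leaf is not pinned."""
    ctx = hardened_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not pin_ok(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate does not match any pinned fingerprint")
    return tls


# Constructed sample bytes standing in for DER certificates (not real certs).
CURRENT_CERT = b"constructed-current-leaf-certificate"
BACKUP_CERT = b"constructed-backup-leaf-certificate"
ROGUE_CERT = b"constructed-mitm-certificate"
# Pin the current certificate plus a backup so rotation does not lock clients out.
PINS = [fingerprint(CURRENT_CERT), fingerprint(BACKUP_CERT)]
```

The pin check runs after the normal CA and hostname validation, so a certificate that chains to a trusted CA but is not on the pin list is still rejected.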
