Kaspersky Lab releases an article "Secure connections: how secure are they?"
16 Mar 2007
Kaspersky Lab, a leading developer of secure content management solutions, has released an article describing the pros and cons of secure network connections. Secure connections are designed to protect data sent between two computers via the Internet in order to protect confidential data, verify the identity of a correspondent or protect data from being read or changed. However, even secure connections can be attacked successfully.
Vitaly Denisov, a developer in Kaspersky R & D, describes secure connections as well as the potential for hacking them: “Standard security solutions protect computers against threats present in standard network connections, but aren’t able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its nature. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-secure connection.” notes Vitaly.
Today, more and more people are using secure connections, making it especially important to understand the inherent dangers. Vitaly explains “Many servers on the Internet began to offer their services via SSL/ TLS: together with major banking sites, all the big-name email services and partner sites can now be accessed exclusively via secure connection. The situation is exacerbated by the fact that an attack on a computer can be carried out remotely – for example, by simply placing a malicious file on a server which can be reached only via a secure connection.”
Vitaly describes several attack scenarios and provides practical examples, such as attacks on a Gmail email account and the publication of malware on a web server unbeknownst to the owner. He also describes methods for preventing these attacks.
The complete version of Vitaly’s article is available on Viruslist.com.