SoylentNews is people
SoylentNews
Kevin Beaumont reports that, by compromising a router at Equinix in Chicago, attackers were able to forge DNS responses for myetherwallet.com, with users "redirected to a server hosted in Russia, which served the website using a fake certificate." Victims' online wallets were drained of cryptocurrency.
Also at The Verge and Ars Technica which said
Amazon lost control of a small number of its cloud services IP addresses for two hours on [April 24] when hackers exploited a known Internet-protocol weakness that let them to redirect traffic to rogue destinations. By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.
(Score: 2) by maxwell demon on Tuesday May 01 2018, @08:43AM (1 child)
I don't know what you are doing on the web. For me, such a warning occurs maybe once a year, if even that often. In that case, I usually think of whether I'd accept the site being HTTP, and proceed accordingly: If I would be happy browsing the site with HTTP, I'm happy to temporarily accept the certificate, otherwise I won't continue.
Certainly my bank would be a place where I would not continue with HTTP only. Indeed, for my online banking I use a separate account where in the browser profile I disabled the root certificates that are certainly not needed by my bank. So if someone tried to impersonate my bank with a "legitimate" certificate from such a CA, I'd get a big fat warning.
The separate account also means that whatever malware I might still get on my regular account (I think I'm careful enough to not get any, but I'm sure most people who got malware thought that of themselves, too) is unlikely to affect my online banking, unless it manages to escalate to root.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @01:50PM
For me, it starts with the company web sites. I work for a major (>100K employee) multinational corp, and am required to use certain company sites in my job. At any given time, >10% of these sites have invalid CA, and it rotates - some will be valid for awhile, then expire, etc. Mostly, I'm trusting DNS to work securely and checking domain names before I click (yes, that's what burned the users in the article). Mostly, I have nothing of value to me to lose when I use these sites.
Out in the wild wild web, I don't do monetary things with invalid CA sites, but if I'm at work in the nanny zone I'm frequently hit with big red "You can't access that site from the company network" pages when I try to read blogs that might talk about network security, or access sites connected with remote desktop control which I use, daily, in my job - it's actually a big part of what they pay me for: putting that capability in the product, that capability that's on the corporate web-censor list. So: more desentization, plus: incentive to work from home where my web access is less limited, and incidentally the chance of a MITM on my DNS is much higher.
🌻🌻 [google.com]