
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"

The Advent of Profitable Digital Crime 25

There are countermeasures against the man-in-the-middle attack

Not only have we entered our information
into the intended site from a clean machine, but we also know
that the data made it through safely to its ultimate destination.
Unfortunately, we are still not safe.
If we are buying something online, the website is probably
leveraging a shopping cart metaphor for handling our temporary
data; it may even take advantage of some form of profile so that
we don't have to type in at each visit our shipping address or
our preferred credit card number. If the implementation of those
functions is less than robust, an attacker may gain access to our
session data. The possible maneuvers are far too many to be
described here. However, just to give you a taste of the range of
things that might be done, consider this: Key data may be stored
in a cookie on your machine and accessed by other sites or
local malware, the e-commerce website may be implemented
on some engine known to have flaws and exploits, the session
might not be properly secured, and just knowing a temporary
URL (Universal Resource Locator, an Internet address) may give
clean access to data, and of course there are all the methods of
stealing memory data in the case where the website machine
has been compromised.

