Google Chrome Will Soon Warn You of Software That Performs MitM Attacks

[brambedkar59]

Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.

A MitM attack is when an application installed on a user's computer or a local network intercepts the user's web traffic.

For the party performing the MitM attack, the hardest part is dealing with encrypted HTTPS traffic. Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect.

Read more at source link.
This is a welcome move by Google.

 

[Captain Awesome]

This is a welcome move by Google.

Obviously.

 

[TairikuOkami]

I wonder, how it is gonna be implemented. Thus far I do not like the sound of it. It seems very google like, good for google, bad for users.

Browsers already warn about insecure/damaged SSL connections, this sounds like a good excuse to monitor user's traffic.

Qualys SSL Labs - Projects / SSL Client Test

 

[brambedkar59]

I wonder, how it is gonna be implemented. Thus far I do not like the sound of it. It seems very google like, good for google, bad for users.

Browsers already warn about insecure/damaged SSL connections, this sounds like a good excuse to monitor user's traffic.

Qualys SSL Labs - Projects / SSL Client Test

Here is a quote from the article-

The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying — and failing — to intercept the user's web traffic.

I don't think it has anything to do with monitoring user traffic, cause they already can and are doing all that.

 

[TairikuOkami]

I don't think it has anything to do with monitoring user traffic, cause they already can and are doing all that.

In order to detect errors like that, they have to keep the log of the traffic and visited webpages, which beats the point of using SSL for privacy reasons.

Though if it is gonna be implemented in Chrome only, I could not care less. Not like anyone, who cares about privacy, uses Chrome anyway.

 

[Daljeet]

HTTPS error not else but project in its beta form.

 

[ForgottenSeer 58943]

In order to detect errors like that, they have to keep the log of the traffic and visited webpages, which beats the point of using SSL for privacy reasons.

Though if it is gonna be implemented in Chrome only, I could not care less. Not like anyone, who cares about privacy, uses Chrome anyway.

Pretty much this.. I have to use Chrome in some cases, and when I do I use protection.. Command line toggles on the icon;

--disable-background-networking --disable-component-extensions-with-background-pages --dns-prefetch-disable --no-pings --disable-logging

 

[TairikuOkami]

HTTPS error not else but project in its beta form.

Thanks, bookmarked for testing.

 

[Mr.X]

Not too off-topic but we have a third party tool:
SSL Eye Protects You From Prism | Eagle Eye Digital Solutions | Muscat Oman

It could help.