Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI is not that secure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
C0nc3rn3d PSI is not that secure
Member 13th Nov, 2013 23:10
Ranking: 0
Posts: 2
User Since: 13th Nov, 2013
System Score: N/A
Location: FR
I just found out PSI uses plain HTTP transfers to download executables to be updated. This seems to be susceptible to MiTM attacks.

mogs RE: PSI is not that secure
Expert Contributor 14th Nov, 2013 02:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@COnc3rn3d

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).[citation needed]

A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority.
http://en.wikipedia.org/wiki/MITM_attack

Is the following helpful ?
Excerpt
Privacy Statement
Communication
All communication between your system (The Secunia PSI) and the Secunia servers (psi.secunia.com) is conducted via an encrypted connection (SSL). Effectively protecting against eavesdropping of the data and the results being exchanged with Secunia.
http://secunia.com/vulnerability_scanning/personal...

Regards.........mogs..........


--
Was this reply relevant?
+3
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability