1

Consider a scenario (at the victim's end) in a DNS cache poisoning attack. When the victim goes to a website (e.g. gmail.com), he will be taken to some other phishy website. Now here the URL remains the same, so is there any way to identify that the website he/she is visiting is fake?

Glorfindel

1 Answer

1

Without any help from the site it's really hard, and sadly, according to W3Techs statistics, many still don't use the technologies that would give you a warning on both DNS cache poisoning and Man-in-the-Middle attacks.

  • Every site should have TLS certificates now that they are free and easy to get from Let's Encrypt. All CA signed certificates are at least domain control verified, so you'd get an error if there's an imposter's site.

  • HTTPS shouldn't be just an option for the user, but sites should upgrade every plain HTTP connection with a redirect. This way, a URL starting with http:// would be an indication of something being wrong.

  • HTTP Strict Transport Security (HSTS) makes the browser remember that the site (and possibly all subdomains) should only be viewed over an encrypted connection.

DNSSEC would be helpful, but only if your resolver validates it and your connection to your DNS resolver is secure. That's almost never true on foreign networks.

What could you do as a user? I'd suggest using HTTPS Everywhere. In the normal mode it lists sites that are known to have HTTPS, even if they do not have HSTS or redirect to HTTPS by default. I choose to use it in Encrypt All Sites Eligible (EASE) mode and get to decide whether it's actually worth visiting a site that would be served on plain HTTP.

Esa Jokinen