SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Data Interception

    Hello, answers of any measure are appreciated!

    How can data be intercepted from Client to Server, assuming the website code is secure, other than by Spyware etc.?
    eg. The client submits login form, and the malicious user acquires that data before it even arrives at the server.
    eg. The CIA wants to observe data being transmitted between client and server; which magic wand do they use?

    Thanks,
    Caleb

  2. #2
    SitePoint Enthusiast
    Join Date
    Jul 2009
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Any of the machines between your client and your server are susceptible to eavesdropping or man in the middle attacks. In addition many of those have odd settings such that neighbouring computers can also see the traffic.

    Wifi/Bluetooth/Cell connections also allow somebody to listen to the traffic going through the air.

    If your site uses exclusively HTTPS (secure protocol) the interceptino/eavesdropping is more difficult -- though a man in the middle attack is still possible.
    I run BigTPoker.com an interactive poker training system.

    Earn money with our affiliate program.

  3. #3
    SitePoint Wizard
    Join Date
    Apr 2002
    Posts
    2,307
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    the way i understand it (and i know very little about this kind of thing) is the kind of attack you're describing is actually incredably hard and isn't very common. it was the assumed way security would be compromised back in the day; when people were worried about credit card details being nabbed on the wire. turns out the end points are much weaker than the bits in the middle. just the fact that data is in packets is a fairly good stopper because different packets can take different routes.

  4. #4
    SitePoint Enthusiast
    Join Date
    Jul 2009
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Things like wifi aren't actually that hard to crack, but that aside he said other than Spyway -- I took that mean anything installed on the client side. Plus he used the CIA as an example, and I've known a lot of people working at ISPs, it wouldn't be even very hard for a well funded individual to get them in a position of intercept.

    But I agree, if this was what the original poster had really meant:
    - in transit capture is the *least* likely intercept to happen
    - server theft (hacking) is unlikely
    - client intercept via spyware is quite likely
    - client intercept via phishing is *most* likely
    I run BigTPoker.com an interactive poker training system.

    Earn money with our affiliate program.

  5. #5
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey guys, thanks for all your replies. I really appreciate it.

    Any more thoughts on this subject would be very useful; if anyone knows of any articles or books on this subject, please refer me to them.


    It seems as though a person in such a position would be able to hijack anything and everything. Even SSL would be useless if the session key was in the data being sent.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •