Search My Blog

Tuesday, February 26, 2013

Redirection and Decryption of Mobile Traffic - TechRepublic

If you use Opera Mini and perhaps several other Mobile Web Browsers for your Online Banking or other Personal and Sensitive Surfing. Then, this should interest you...

Don

Redirection and decryption of mobile traffic: Is your browser a MitM?

Takeaway: By design, certain mobile web browsers send HTTPS-encrypted traffic to their home servers first. Michael Kassner finds out why, and what it means to each of us.

If you think HTTPS traffic from your mobile web browser travels unaltered, and safely encrypted all the way to the remote web server you requested information from, don’t be so sure. Opera Mini developers were asked:

Is there any end-to-end security between my handset and - for example - paypal.com or my bank?

The answer:

Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the webpage. Therefore no end-to-end encryption between the client and the remote web server is possible.

To rule out any doubt:

If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.Opera Mini

Just to be clear “end-to-end encryption,” in this case, means HTTPS (encrypted) traffic travels to a remote web server, a bank for example, unhampered (not decrypted).

I don’t use any of Opera’s web browsers. I’ll be honest, even if I did use Opera, I would not have known about the redirection. I only started checking what mobile web browsers were doing after a colleague informed me the tech press crucified Nokia for doing something similar.

How it started

Read More...
http://www.techrepublic.com/blog/security/redirection-and-decryption-of-mobile-traffic-is-your-browser-a-mitm/9115?tag=nl.e036&s_cid=e036&ttag=e036

You May Also Like


Redirection and Decryption of Mobile Web Traffic
Nokia phone forcing traffic through proxy | Treasure Hunt
Redirection and decryption of mobile traffic: Is your browser a MitM? | TechRepublic
News 02-26-13
Laser Kaleidoscope uses more 3D printing and less scavenging
Critter cam hacked from an old cellphone.
Researchers say Stuxnet was deployed against Iran in 2007 | Reuters
Take A Video Tour Of The International Space Station
How to Tune a Guitar: 9 steps - wikiHow
Automatic beer pourer was hacked together from a bit of everything
Linux Today - LG acquires webOS from HP
LG acquires webOS from HP - LinuxBSDos.com
Linux Today - Installation of Seafile, open source Dropbox alternative for teams
» Linuxaria – Everything about GNU/Linux and Open source Installation of Seafile, open source Dropbox alternative for teams
Linux Today - Why the Ubuntu Tablet Is a Winner
Why the Ubuntu Tablet Is a Winner - Datamation
Getting to the Bottom of It All - NYTimes.com
Hagel Survives Filibuster, Last Big Roadblock to Defense Post - NYTimes.com
Supreme Court Rejects Challenge to Surveillance Law - NYTimes.com
Primary Care Doctors Can Make the Wrong Call – WebMD
Redirection and decryption of mobile traffic: Is your browser a MitM? | TechRepublic
Nokia phone forcing traffic through proxy | Treasure Hunt

News 02-25-13
Linux Today - Open source app can detect text's authors
Open source app can detect text's authors • The Register
SCARA arm finally prints plastic parts
Ubuntu with a GUI on a Beagleboard
Modifying a printer for PCB fabbing
Find Information on How To Delete Accounts on Various Sites Quickly and Easily
how to easily delete your online accounts | accountkiller.com
App.net's push for renewals starts with free accounts | Internet & Media - CNET News
U.S. Gas Price Spike: Blame the Long Road From Well to Pump
Mozilla's Firefox OS to rival iOS, Android with focus on open web standards | ZDNet
17 Tips on How to Make a Great Website - wikiHow
Pediatrics Group Issues New Ear Infection Guidelines – WebMD
Scientists Pinpoint How Deep Brain Stimulation Eases OCD – WebMD
Syria Willing to Talk With Armed Opponents, Foreign Minister Says - NYTimes.com
Samsung, Sony, HP announce new Android tablets - latimes.com
10 curses of the analytical thinker| Downloads | TechRepublic
10 curses of the analytical thinker | TechRepublic
Cracking Open the Microsoft Surface Pro | TechRepublic
Five IM systems built for the enterprise | TechRepublic
Copyright Alert System Launches | Home Media Magazine
New study links extreme weather to climate change
ZTE unveils the Grand Memo phablet, plus Firefox OS-based ZTE Open | ZDNet
Build a media converter with Python, Qt and FFmpeg | Linux User
Linux Today - Build a media converter with Python, Qt and FFmpeg
ZTE Grand Memo Hands-On - YouTube
Grand Memo phablet - Google Search
Grand Memo phablet - Google Search
Copyright Alert System gets started, ISPs ready to lay the smack down on P2P piracy
News 02-24-13
Reading Sensors with Scratch
Multibooting the Raspberry Pi
Automated pH Control
Firefox to begin blocking third-party cookies by default | PCWorld
Insurgents Launch 4 Attacks in Afghanistan - NYTimes.com
Palestinians Demand Inquiry Into Detainee’s Death in Israel - NYTimes.com
Michael Goldfarb Gleeful Provocateur at Intersection of Many Worlds - NYTimes.com

No comments: