Don
Redirection and decryption of mobile traffic: Is your browser a MitM?
Takeaway: By design, certain mobile web browsers send HTTPS-encrypted traffic to their home servers first. Michael Kassner finds out why, and what it means to each of us.
If you think HTTPS traffic from your mobile web browser travels unaltered, and safely encrypted all the way to the remote web server you requested information from, don’t be so sure. Opera Mini developers were asked:
Is there any end-to-end security between my handset and - for example - paypal.com or my bank?
The answer:
Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the webpage. Therefore no end-to-end encryption between the client and the remote web server is possible.
To rule out any doubt:
If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.Opera Mini
Just to be clear “end-to-end encryption,” in this case, means HTTPS (encrypted) traffic travels to a remote web server, a bank for example, unhampered (not decrypted).
I don’t use any of Opera’s web browsers. I’ll be honest, even if I did use Opera, I would not have known about the redirection. I only started checking what mobile web browsers were doing after a colleague informed me the tech press crucified Nokia for doing something similar.
How it started
Read More...http://www.techrepublic.com/blog/security/redirection-and-decryption-of-mobile-traffic-is-your-browser-a-mitm/9115?tag=nl.e036&s_cid=e036&ttag=e036
You May Also Like
- Wanted: Mac tip writerTechRepublic
- Manage your databases with ToadTechRepublic
- How to learn a language in 10 daysaralifestyle.com
- iTunes tip: Keep the “MiniPlayer” floating on your desktophere's the thing
- Redirection and Decryption of Mobile Web Traffic
- Nokia phone forcing traffic through proxy | Treasure Hunt
- Redirection and decryption of mobile traffic: Is your browser a MitM? | TechRepublic
- Laser Kaleidoscope uses more 3D printing and less scavenging
- Critter cam hacked from an old cellphone.
- Researchers say Stuxnet was deployed against Iran in 2007 | Reuters
- Take A Video Tour Of The International Space Station
- How to Tune a Guitar: 9 steps - wikiHow
- Automatic beer pourer was hacked together from a bit of everything
- Linux Today - LG acquires webOS from HP
- LG acquires webOS from HP - LinuxBSDos.com
- Linux Today - Installation of Seafile, open source Dropbox alternative for teams
- » Linuxaria – Everything about GNU/Linux and Open source Installation of Seafile, open source Dropbox alternative for teams
- Linux Today - Why the Ubuntu Tablet Is a Winner
- Why the Ubuntu Tablet Is a Winner - Datamation
- Getting to the Bottom of It All - NYTimes.com
- Hagel Survives Filibuster, Last Big Roadblock to Defense Post - NYTimes.com
- Supreme Court Rejects Challenge to Surveillance Law - NYTimes.com
- Primary Care Doctors Can Make the Wrong Call – WebMD
- Redirection and decryption of mobile traffic: Is your browser a MitM? | TechRepublic
- Nokia phone forcing traffic through proxy | Treasure Hunt
- News 02-25-13
- Linux Today - Open source app can detect text's authors
- Open source app can detect text's authors • The Register
- SCARA arm finally prints plastic parts
- Ubuntu with a GUI on a Beagleboard
- Modifying a printer for PCB fabbing
- Find Information on How To Delete Accounts on Various Sites Quickly and Easily
- how to easily delete your online accounts | accountkiller.com
- App.net's push for renewals starts with free accounts | Internet & Media - CNET News
- U.S. Gas Price Spike: Blame the Long Road From Well to Pump
- Mozilla's Firefox OS to rival iOS, Android with focus on open web standards | ZDNet
- 17 Tips on How to Make a Great Website - wikiHow
- Pediatrics Group Issues New Ear Infection Guidelines – WebMD
- Scientists Pinpoint How Deep Brain Stimulation Eases OCD – WebMD
- Syria Willing to Talk With Armed Opponents, Foreign Minister Says - NYTimes.com
- Samsung, Sony, HP announce new Android tablets - latimes.com
- 10 curses of the analytical thinker| Downloads | TechRepublic
- 10 curses of the analytical thinker | TechRepublic
- Cracking Open the Microsoft Surface Pro | TechRepublic
- Five IM systems built for the enterprise | TechRepublic
- Copyright Alert System Launches | Home Media Magazine
- New study links extreme weather to climate change
- ZTE unveils the Grand Memo phablet, plus Firefox OS-based ZTE Open | ZDNet
- Build a media converter with Python, Qt and FFmpeg | Linux User
- Linux Today - Build a media converter with Python, Qt and FFmpeg
- ZTE Grand Memo Hands-On - YouTube
- Grand Memo phablet - Google Search
- Grand Memo phablet - Google Search
- Copyright Alert System gets started, ISPs ready to lay the smack down on P2P piracy
- News 02-24-13
- Reading Sensors with Scratch
- Multibooting the Raspberry Pi
- Automated pH Control
- Firefox to begin blocking third-party cookies by default | PCWorld
- Insurgents Launch 4 Attacks in Afghanistan - NYTimes.com
- Palestinians Demand Inquiry Into Detainee’s Death in Israel - NYTimes.com
- Michael Goldfarb Gleeful Provocateur at Intersection of Many Worlds - NYTimes.com
No comments:
Post a Comment