I thought I was safe. I had up-to-date antivirus and spyware protection, a firewall, and a router set with MAC filtering, broadcast off, and other secure nondefault settings.
Then these weird certificates I had never seen before began popping up at sites such as PayPal, eBay, and Newegg. I went to check my logs and sure enough, someone was trying to enable the promiscuous mode on my router. Port 67 was being probed, and I was losing control of my browser when trying to enter financial data for banking and buying.
Then I read about man-in-the-middle attacks, which basically fool computers by acting like a service provider's server. I didn't understand how my data was traveling unencrypted over the Internet regardless of my firewall, spyware remover, and antivirus protection. I immediately stopped all financial transactions until I could find a solution. I never did accept the certificates that started popping up on eBay, Newegg, and PayPal.
I subscribed to HotSpotVPN, and now my data encryption is up to government standards. I think the man in the middle has finally given up.
Whew! This one had our knees knocking imagining the angst of having your control--and private information--pried out of your hands by a sneaky man-in-the-middle (MITM) attack. Luckily you're a survivor, Eric, and your use of HotSpotVPN was a smart move. Using a virtual private network with 256-bit encryption certainly would reestablish the security compromised by the MITM.
It sounds as though you were attacked through your wireless connection. As you discovered the hard way, wireless networks are especially vulnerable to this kind of breach, and even a passel of scanners, blockers, encryptions, and 802.11 security won't guarantee your immunity. MITMs take advantage of one-way authentication from the network to any valid Media Access Connection (MAC, which MITM can easily set up) to slip between the network and your computer. Once there, the MITM can piggyback on your surfing and feast its eyes on all data flowing in and out of your computer.
You hit on one of the ways to shield yourself from MITM attacks, which is using a virtual private network (VPN) with mutual authentication. You can gird your defenses even more by installing a wireless Intrusion Detection System (IDS) such as BlackICE PC Protection or Securepoint Intrusion Detection. You also can use directional antennae or lower the broadcast point of the access point to limit exposure.