Is it possible for an intruder to see the passwords that are being sent through a compromised router/network connection?


ME

Dec 20, 2020, 4:39:19 AM
to qubes-users
Let's say I have a compromised router/network connection.

I use a Qubes OS PC to go on the internet through the compromised router/network connection.

Is it then possible for the intruder to see the passwords that I enter and that are being sent through the compromised router/network connection?

unman

Dec 20, 2020, 8:35:52 AM
to qubes-users
Yes, but only if you send the password in the clear.
Don't do this. In fact don't do *anything* in the clear.
Only use encrypted connections - https for web sites, TLS or other encryption methods for
SMTP/POP/IMAP to get mail, ssh, etc, etc.
Encrypt any valuable data.
Trust nothing.

Morten Eyrich

Dec 20, 2020, 10:18:10 AM
to unman, qubes-users
Okay so if I have been using a https connection, then it's no problem... ?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org.

viq

Dec 20, 2020, 1:13:00 PM
to qubes...@googlegroups.com
On Sun, 2020-12-20 at 16:17 +0100, Morten Eyrich wrote:
> Okay so if I have been using a https connection, then it's no
> problem... ?

For a simple passive man-in-the-middle attacker, yes, encrypting connections is sufficient to protect them.
For attackers willing to perform active attacks, or having access to a lot of resources (at least tens of thousands of USD), it depends.
--
viq

Ulrich Windl

Dec 20, 2020, 7:11:10 PM
to qubes...@googlegroups.com
On 12/20/20 4:17 PM, Morten Eyrich wrote:
> Okay so if I have been using a https connection, then it's no problem... ?

If they use a wrong certificate for a MITM attack they might decode your
connection... It means nobody between you and the "next endpoint" can
read your password, but how to ensure what the "next endpoint" really is?

>
> Den søn. 20. dec. 2020 kl. 14.35 skrev unman <un...@thirdeyesecurity.org
> <mailto:un...@thirdeyesecurity.org>>:
>
> On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
> > Lets say I have a compromised router/networkconnection.
> >
> > I use a Qubes OS pc to go on the internet through the compromised
> > router/networkconnection.
> >
> > Is it then possible for the intruder to see the passwords that I
> enter and
> > is being sent through the compromised router/networkconnection ?
> >
>
> Yes, but only if you send the password in the clear.
> Don't do this. In fact don't do *anything* in the clear.
> Only use encrypted connections - https for web sites, TLS or other
> encryption methods for
> SMTP/POP/IMAP to get mail, ssh, etc, etc.
> Encrypt any valuable data.
> Trust nothing.

Ulrich Windl

Dec 20, 2020, 7:15:18 PM
to qubes...@googlegroups.com
On 12/21/20 1:08 AM, Ulrich Windl wrote:
> On 12/20/20 4:17 PM, Morten Eyrich wrote:
>> Okay so if I have been using a https connection, then it's no
>> problem... ?
>
> If they use a wrong certificate for a MITM attack they might decode your
> connection... It means nobody between you and the "next endpoint" can
> read your password, but how to ensure what the "next endpoint" really is?

Well actually they could construct a terribly poor or well-known
"secret" key so that the encryption is "pre-broken" (can easily be
decrypted).

haaber

Dec 21, 2020, 4:15:00 AM
to qubes...@googlegroups.com
On 12/21/20 1:08 AM, Ulrich Windl wrote:
> On 12/20/20 4:17 PM, Morten Eyrich wrote:
>> Okay so if I have been using a https connection, then it's no
>> problem... ?
>
> If they use a wrong certificate for a MITM attack they might decode your
> connection... It means nobody between you and the "next endpoint" can
> read your password, but how to ensure what the "next endpoint" really is?

Ulrich is right. First, look at the "certificate story". These are meant
to ensure that you can trust your endpoint. Certificates are
pre-installed in your browser, and one should check (and rarely does)
which ones to trust (and how much). Invented examples: if they are owned
by a Chinese or Russian telecom company, do you trust it? State agencies
could intervene. Or British Telecom (5 Eyes??). The actually used
hierarchical trust model might be a failure by design.

And then there are exploits. Example: some years ago Moxie Marlinspike
found the funny zero-byte error due to string handling: he proved that
you could buy for example the domain "com",0,"mand.org" and have the
trusted instances sign your subdomain google.com",0",mand.org" which
any Firefox (at least) did recognise as a valid certificate for google.com
since they considered the 0 byte as "end of string". You are not safe
from such types of exploit.

Conclusion as usual: if your life depends on it, do not trust https.
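
Ulrich's "how do you know what the next endpoint really is?" and haaber's zero-byte example both come down to how a client matches the name in a certificate against the host it meant to reach. The following is an added example (not from this thread or from any browser's code): a strict hostname matcher of the kind a TLS client should use, shown beside the C-string style comparison that caused the bug; every name in it is constructed.

```python
import re

# Added example, not from the thread. All names below are constructed.
# A valid DNS label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def cstring_match(presented: str, expected: str) -> bool:
    """Flawed matcher: compares the name as a C string, so everything after
    the first NUL byte is ignored. This reproduces the defect haaber
    describes and is here only to show what a strict matcher must refuse."""
    truncated = presented.split("\x00", 1)[0]
    return truncated.lower() == expected.lower()


def strict_match(presented: str, expected: str) -> bool:
    """Strict matcher: whole-string comparison, control characters rejected,
    a wildcard only as the entire leftmost label of a name with at least
    three labels (so '*.org' never matches example.org)."""
    if not presented or any(ord(c) < 0x20 or ord(c) == 0x7F for c in presented):
        return False  # embedded NUL or other control byte: never a DNS name
    p_labels = presented.lower().rstrip(".").split(".")
    e_labels = expected.lower().rstrip(".").split(".")
    if len(p_labels) != len(e_labels) or len(p_labels) < 2:
        return False
    for i, (p, e) in enumerate(zip(p_labels, e_labels)):
        if i == 0 and p == "*":
            if len(p_labels) < 3:
                return False
            continue
        if not LABEL.match(p) or p != e:
            return False
    return True


def matching_name(presented_names, expected):
    """Return the first presented name (SAN or CN) that strictly matches the
    host the client intended to reach, or None if none does."""
    for name in presented_names:
        if strict_match(name, expected):
            return name
    return None


if __name__ == "__main__":
    forged = "www.google.com\x00.mand.org"  # constructed null-prefix name
    print("C-string comparison accepts forged name:", cstring_match(forged, "www.google.com"))
    print("strict comparison accepts forged name:  ", strict_match(forged, "www.google.com"))
    print("matched:", matching_name(["*.example.org", forged], "www.example.org"))
```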
Mark Fernandes

Jan 4, 2021, 12:06:36 PM
to qubes-users
On Monday, 21 December 2020 at 09:15:00 UTC haa...@web.de wrote:
> On 12/21/20 1:08 AM, Ulrich Windl wrote:
> > On 12/20/20 4:17 PM, Morten Eyrich wrote:
> >> Okay so if I have been using a https connection, then it's no
> >> problem... ?
> >
> > If they use a wrong certificate for a MITM attack they might decode your
> > connection... It means nobody between you and the "next endpoint" can
> > read your password, but how to ensure what the "next endpoint" really is?
>
> Ulrich is right. First, look at the "certificate story". These are meant
> ensuring that you can trust your endpoint. ...
> ...
>
> Conclusion as usual: if your life depends on it, do not trust https.


Just for clarity, if your HTTPS connection is compromised, it probably will not matter much whether your router is compromised or not. With such in mind, so long as you use an HTTPS connection, you probably don't need to worry much about your router. As haa...@web.de implied, not all certificates are equal (in respect of risk), and you may personally trust some more than others. With respect to the other risks, perhaps using SSH and VPNs might be more secure? Using MFA, multi-step authentication, and/or regularly changing your password can help mitigate damage in respect of your security credentials being captured.

Kind regards,

Mark Fernandes