Even HTTPS traffic can be intercepted.
The root of this flaw resides in the way proxy authentication is performed.
This kind of authentication is a backbone for organizations that deploy a strong firewall.
This can be achieved by numerous ways.
One way isARP Spoofing.
The attacker passes the requests and responses(HTTP is request/response based protocol) made prior to authentication.
And after authentication is done, the attacker waits for the victim to access a sensitive account e.g.
an E-mail account or Facebook account .
Since HTTP CONNECT requests are unencrypted, attacker easily identifies if such a request is made.
Then it may present the victim with a login page.
The victim submits his/her credentials unaware of what is happening within the internet.
This attack is successful against any website, whether it uses https or not.
Are some people more vulnerable than others?
the success of this attack also depends on the client side architecture.
Multiple software vendors deploy applications that can handle proxy connections.
Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected.
Lenovo has said this bug does not impact its software.
Technical details about this flaw can be found on adedicated website.
US-CERT has also issued analert, in which users can track vendor responses for the FalseCONNECT vulnerability.
source: www.techworm.net
