1. What threat model does TLS/SSL not address?
2. Give an example of bad encryption. Explain why it is bad, how an attacker could exploit the weakness, and what resources would be required for this exploit.
3. Browser helper objects, add-ons, extensions, and/or plug-ins are commonly used in a man-in-the-browser (MITB) attack, similar to a man-in-the-middle (MITM) attack. Come up with three different examples for how such an attack could cause serious consequences for the user and/or the organization with which she is communicating.
4. Research three examples of known MITB threats. In a one-paragraph summary for each threat, describe the name of the threat, targeted operating system(s) and browser(s), what the attack targets, how the attack is installed into the browser, and how it works. At least one of the attacks must not target Microsoft Windows as the OS.
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.
4. OddJob is another Trojan that targets Windows OS and well-known browsers (IE and Firefox). This MITB attack intercepted the communication between a client browser and financial institutions like banks. The Trojan was capable to perform logging for GET and POST requests of the web conversations before grabbing full pages (Samson, 2011). The main exploit used by the malware involved the legitimate logout requests performed by the clients; the security controls were bypassed and the sessions remained in fact active. It was difficult to trace this Trojan since its configuration was not downloaded on the hard drive; instead it was fetching a new copy of the command and control protocol each time when a new browser was open....
This is only a preview of the solution. Please use the purchase button to see the entire solution