Shulou(Shulou.com)06/01 Report--

The main forms of network hijacking:

In recent years, traffic hijacking (network hijacking by operators) has occurred frequently, and various ways have emerged one after another. Easy maintenance-EVTrust summarizes various network hijacking phenomena and their harm.

1. When the domain name is hijacked, the user wants to visit website A, but the domain name is resolved to another address, so the user cannot access the page they want to visit normally, and the website traffic is damaged. If the domain name is resolved to a malicious fishing net station, resulting in loss of users' property, for example, online users who originally wanted to visit a well-known financial website are redirected to another fake website that looks very similar, thus obtaining user data, resulting in heavy losses for enterprises and users.

2. The network robbery held by the operator will pop up advertisements on the website, not all websites will play, and generally large portals will not play, which will make people think that some websites will fail in the first place. this will directly affect the credibility of the website operated by the company in the hearts of users and damage the company's interests. Even if you change the DNS, you will play it. Generally speaking, you will think of DNS hijacking. Now operators are smarter and hijack with gateways, and all the traffic users have will not escape the demon. In particular, some operators are increasingly doing whatever they want. after a seriously affected enterprise complains to the Ministry of Industry and Information Technology, he may apologize for rectification and soon begin to play hooligans again.

3. With the continuous development of the network, the development of App based on Web is in full swing in recent years, but its underlying protocol has not been greatly improved-HTTP, everything is transmitted in plaintext, and the traffic can be controlled at will on the way. While the WebApp used online, there are not only communication data, but also program interface and code in the traffic, so it is almost easy to hijack all kinds of *.

4. Insecure Wi-Fi and cookie are everywhere. If you use HTTP in public places (such as computers in public WiFi or Internet cafes), you will be hijacked if you do not log in. On your own devices, everyone will remember the login status of various accounts. Anyway, it is only for your own use, and it is no big deal. However, in a public hijacked network, even if you browse the most common web page, perhaps a silent espionage script is hidden, secretly visiting your logged-in web page and manipulating your account.

How to prevent all kinds of network hijacking and avoid these hazards?

Install the SSL certificate to achieve HTTPS encryption. Unlike simple Http proxies, HTTPS services require SSL certificates issued by authoritative CA institutions to achieve very good results. The self-signed certificate browser does not recognize it and will give you a serious warning. When you encounter the warning of "there is a problem with the security certificate of this website", most users do not understand what is going on, so they click to continue, resulting in allowing * pseudo certificates, and HTTPS traffic is hijacked. If important account websites encounter this situation, they should not click on relay in any case, otherwise the door key may fall into the hands of *. A self-signed certificate refers to a certificate issued at will by any untrusted institution or individual, which is easy to be forged and replaced.

Is it important to do site-wide HTTPS to prevent network hijacking?

Case 1: jump from the http page to visit the https page, in fact, in the PC side of the Internet, there are few directly access to the HTTPS website. Alipay sites, for example, are mostly redirected from Taobao, which still uses the insecure HTTP protocol. If you inject XSS into the page of Taobao, block the jump to the page of HTTPS and replace it with HTTP, then users will never be able to enter the secure site. Although the word HTTPS does not appear in the address bar, the domain name looks correct, and most users will think it is not a phishing site, so they will ignore it. Therefore, as long as the entry page is not secure, then the security of the subsequent page will not help.

Case 2: the http page is redirected to the https page. Some users access it by entering a URL. They enter a URL and enter it. However, the browser does not know that this is a HTTPS site, so it uses the default HTTP to access it. However, this HTTP version of Alipay does exist, and its only function is to redirect to its own HTTPS site. Once the middleman who hijacks the traffic finds that there is a redirect to the HTTPS site, he stops the redirect command, gets the redirected site content by himself, and then replies to the user. As a result, users always visit the HTTP site, which naturally can be hijacked indefinitely.

Major well-known websites at home and abroad (PayPal,Baidu,95516.net,Facebook,Gmail,Hotmail, etc.) use the wildcard SSL certificate to ensure the security of users' confidential information and transactions, and prevent conversations and middlemen. From the above hijacking cases, we can see that Https is a very effective traffic hijacking prevention measure, whether Internet service providers or the majority of netizens, for our own account security and rights, should form the habit and awareness of using https to visit websites, important websites must use HTTPS protocol, login should pay special attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.