
Website-Targeted False Content Injection by Network Operators - seventyhorses
http://arxiv.org/abs/1602.07128
======
lolc
Wow at first I thought I must have misread the title. Sounds overly alarmist
doesn't it? Nobody would do something like this right? Well the piece is
pretty explicit about what and where this is happening.

One way I could imagine to pull this off with little effort is if I'm in an
unmanaged Ethernet segment with the targeted server. If you can cajole the
switch to send you traffic destined to other stations, you can easily race
their response. You wouldn't even have to crack any equipment that way.

------
revelation
This race is also how QUANTUM is supposed to work:

[https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUA...](https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks)

I wonder if we'll see kernel drivers/software purpose made for detecting those
situations soon (duplicate responses to the same request) and logging the
traceroute in some database to identify the bad actors.

------
TazeTSchnitzel
Yet another malicious activity that TLS prevents! It's quite wonderful.

------
jimrandomh
I am nearly certain that the majority of these injections will trace back to
hacked routers, doing it without the network operators' knowledge.

------
SimeVidas
That's the legal status of this?

~~~
eximius
Probably legal due to various legalese in agreements we sign with our ISPs and
the ISPs sign with other providers.

Still a dick move.

~~~
corybrown
Are those enforceable? It seems like you could hide all sorts of nastiness in
there.

~~~
orionblastar
I think it is enforcable because of terms of service agreements and hidden
stuff in them.

Pushing advertisement is one thing, but if they push adware and other malware
it starts to become out of hand.

It is like Soutceforge and CNet Downloads adding toolbars and adware to apps
you download from them. It makes them unpopular, but they are trying to earn
money.

Expect more of this sort of stuff as companies use it to earn more money.

Many network devices are old and don't have firmware updates and can be
exploited.

------
woah
I don't understand why people have a problem with this. It's sleazy, sure. But
clients should never trust the network.

The fact that this is happening is due to protocol and software faults that
need to be fixed.

Once your network client can no longer be fooled with rubbish inserted by
someone who happens to own some wires, then fake responses become a simple
matter of bandwidth and QOS agreement, like dropped packets.

The fault here lies with the developers of insecure network client software.

