Closed Zwilla closed 6 years ago
409H
commented
7 years ago I'm unsure you understand the function and communication layers of Google Translate. It's simply a HTTPS proxy - not really a MiTM attack.
MEW has a (EV) ssl cert also, so if the certificate is invalid, it will prevent communication.
Zwilla
commented
7 years ago Sorry 409h, but I think you did not fully understand this.
409H
commented
7 years ago If a proxy cracks files
What do you mean?
I think this is a non-issue to be honest. Who runs MyEtherWallet via proxy/Google Translate when;
1) MyEtherWallet is supported in a lot of languages. 2) The official site is served over SSL. 3) You can download and run it locally.
I feel your argument is just against using MyEtherWallet over Google Translate, which is limited and probably not happening by anyone, so a non-issue.
Can you expand, please.
gamalielhere
commented
6 years ago Closing this issue. Don't hesitate to reopen if needed.
Dear Team, as you know I worked since one month on a high security fork of MEW, called MTW.
All my research you can find here: https://github.com/Zwilla/mytokenwallet.com/blob/master/New_Features_on_MyTokenWallet.md see No. 10 Man-in-The-Middle-Attack possible - proof!
New release is in online: https://myTokenWallet.com
Proof! Test it by your self! MITM-Attack
Dear Team, If you want to learn about how to protect read this: https://en.wikipedia.org/wiki/Man-in-the-middle_attack#Defense_and_detection
p.s. Your current code is also not resistant against MITB Attacks- PDF of Sans.org! USERS - Stop using Safari browser <= Version 10.1.2 (12603.3.8), yes it is the current version. Only on the Safari Technology Preview the bug is fixed!
Today I will make a video to proof that Safari is an infected and buggy browser <= Version 10.1.2 (12603.3.8)