The Results of Ignoring That Browser SSL Certificate Warning

This is in response to the following article: https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum

“But anyone who clicked through this certificate warning was redirected to a server in Russia, which proceeded to empty the user’s wallet. Judging by wallet activity, the attackers appear to have taken at least $13,000 in Ethereum during two hours before the attack was shut down. The attackers’ wallet already contains more than $17 million in Ethereum.”

Accepting invalid certificates is dangerous, and users who ignore the warnings end up with results like those mentioned above. This kind of attack can succeed even without a certificate warning if the attacker holds a valid certificate or can convince you to trust a compromised certificate authority.

This is another one of those hacks that is exactly what DTRelay fixes!

DTRelay is a middleware that provides authentication without exposing client-side tokens where hacking occurs. DTRelay enhances the security of web and mobile apps while simultaneously making them easier to build. DTRelay Technology protects communication from a device (including mobile) to your company’s API, which is where hackers steal personal information.

What About Compromised Credentials?

DTRelay has a process allowing you to build complex apps where none of the sensitive data is exposed. DTRelay allows for secure implementation of HTML and JavaScript on Content Delivery Networks (CDN), improving the user's experience across mobile or web traffic, while being completely secure.

Only The Associated Relay Can Verify The Signature

With DTRelay, we are talking about true end-to-end communication and easily authorizing each machine in the communication chain. This allows your security team to know exactly which machines are talking to each other and seamlessly reject unauthorized requests.
DTRelay dramatically reduces the attack surface used to target JavaScript and HTML, making it virtually impossible to expose your secure data to hackers.

To identify registered applications, API providers often require a consumer key/secret value to authorize requests. These values are used for every request on behalf of the application, and their compromise can let an attacker masquerade as the application.

With DTRelay, these credentials can be stored securely on the server, out of the reach of users. Moreover, OAuth tokens are stored in DTRelay and never sent to the client application, so DTRelay can be used as a security layer on top of OAuth2 to prevent the exposure of the access token during requests.

As an added benefit of using DTRelay to relay messages to APIs, the relay can also be used as a proxy server, allowing protected resources to remain behind internal firewalls with DTRelay as a single, exposed destination.

DTRelay Even Protects Images

● During initialization, the relay provides the client application with a secret
● We can use this secret value to encrypt the image during transfer
● The relay decrypts the image and processes it as a standard upload
● This same technique is used to encrypt any “protected parameters” so that they are tamper-proof and undecipherable in-transit (even without SSL)

Web Applications Suffer From High-Severity Vulnerabilities

This is in response to the following article: https://securityintelligence.com/news/94-percent-of-web-applications-suffer-from-high-severity-vulnerabilities/

“Ninety-four percent of all web applications suffer from high-severity software vulnerabilities, a new report revealed”

We agree that being proactive and implementing security measures is vital to protecting web applications. We wanted to share what we have done to protect the communication between a company’s API and their applications.

DTRelay is patent-pending middleware that provides authentication without exposing client-side tokens where hacking occurs. DTRelay enhances the security of web and mobile apps while simultaneously making them easier to build. It was created for web and mobile applications to run efficiently on Content Delivery Networks (CDN), and during the engineering process we solved other security risks.

DTRelay establishes a shared secret between the client and server, and gives you secure tokens in JavaScript-based apps. DTRelay makes mobile and web apps safer, plus it will save you time and money.

We also have a technology called DT Framework that automates software development, reducing development time by 75% to 85% by letting developers build powerful reusable components. It allows developers to build apps smarter, better, faster and more securely.

DT Framework can be used to write shorter, more modular, more secure code for a wide variety of systems.

DT Framework includes a full-featured Model-View-Controller (MVC) framework that takes an API-centered approach to web and mobile application development.

Unique features include:

  • Less development cost: Build pure-static, OAuth-based apps in minutes
  • Better performance: Multiple levels of customization give granular optimization
  • Scalability: Modular, object-oriented design allows for linear complexity at any scale
  • Ease of use: Schema management with automatic reversibility and conversion
  • Complex datatypes: DTModel’s manifests connect deep hierarchies during ingest and request

More than an MVC:

  • Manage your own content/schema in DTCMS
  • Manage your local or cloud deployments
  • Migrate data from any source to any destination