
Diagram 1: Man in the Middle attack

Man in the Middle, or MITM for short, is an attack that can serve various goals. It usually begins with the attacker compromising the victim's device or network. The attacker then takes part in the initial exchange of an Internet connection, called the handshake, whose purpose is to establish the identities of the user (client) and the server. Put simply, the attacker acts as a proxy between client and server without either side knowing. The user believes the attacker is the server, and the server treats the attacker as an authenticated user.


At this point the attacker can capture all data, even if the connection is encrypted, since each side's encrypted session ends at the attacker. This includes data originating from the user, such as credentials, and data from the server. The attacker also has full control over the data in transit and can alter it in any way, freely changing the web service's response to suit their purposes. For example, after successfully capturing credentials, the attacker can display a message saying that the service is unavailable and that the user should try again in a few minutes, so that the attacker can disengage unnoticed and restore the normal connection.
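Because the attack depends on the client accepting the attacker's identity during the handshake, a client can compare the certificate it is shown against a fingerprint recorded in advance and refuse to send credentials on a mismatch. The sketch below is an added example, not part of the original post; the host name `shop.example.test`, the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_CERT = b"constructed DER bytes: certificate of the real server"
PROXY_CERT = b"constructed DER bytes: certificate presented by an interceptor"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


# Pins recorded over a trusted channel. A set per host allows key rotation.
# "shop.example.test" is a hypothetical host name.
PINS = {"shop.example.test": {fingerprint(GENUINE_CERT)}}


def verify_pin(host: str, cert_der: bytes, pins=PINS) -> bool:
    """True only if the presented certificate matches a pin for this host."""
    presented = fingerprint(cert_der)
    # Unknown host: no pins, so nothing can match (fail closed).
    return any(hmac.compare_digest(presented, p) for p in pins.get(host, ()))


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the server certificate (DER)."""
    ctx = ssl.create_default_context()  # CA and host name validation stay on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("intercepted", PROXY_CERT)):
        ok = verify_pin("shop.example.test", cert)
        verdict = "pin matches" if ok else "PIN MISMATCH, abort before sending credentials"
        print(f"{label}: {verdict}")
```

In real use, the bytes returned by `fetch_peer_cert` are passed to `verify_pin` before any credentials are sent over the connection.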
