Who are you really talking to?

July 14, 2008

in Geek stuff, Internet matters, Security

Bruce Schneier has an interesting post about man-in-the-middle attacks. These are situations in which party A and party B are trying to exchange sensitive information privately (for instance, credit card numbers or orders for moving hostages) without realizing that party E is in between them, pretending to be party A to party B, and vice versa.

The attack model has been mentioned here before in the context of cellular phones. It is rather more interesting in the context of the Betancourt rescue from the FARC.


. 07.15.08 at 12:36 pm

MITM Implementation Examples

* dsniff - A tool for SSL MITM attacks
* Cain - A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
* Ettercap - A tool for LAN based MITM attacks
* Karma - A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
* AirJack - A tool that demonstrates 802.11 based MITM attacks
* wsniff - A tool for 802.11 HTTP/HTTPS based MITM attacks
* an additional card reader and a method to intercept key-presses on an Automated teller machine
