Who are you really talking to?


in Geek stuff, Internet matters, Security

Bruce Schneier has an interesting post about man-in-the-middle attacks. These are situations in which party A and party B are trying to exchange sensitive information privately (for instance, credit card numbers or orders for moving hostages) without realizing that party E is in between them, pretending to be party A to party B, and vice versa.

The attack model has been mentioned here before in the context of cellular phones. It is rather more interesting in the context of the Betancourt rescue from the FARC.

{ 2 comments… read them below or add one }

. July 15, 2008 at 12:36 pm

MITM Implementation Examples

* dsniff – A tool for SSL MITM attacks
* Cain – A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
* Ettercap – A tool for LAN based MITM attacks
* Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
* AirJack – A tool that demonstrates 802.11 based MITM attacks
* wsniff – A tool for 802.11 HTTP/HTTPS based MITM attacks
* an additional card reader and a method to intercept key-presses on an Automated teller machine

. February 22, 2015 at 2:21 pm

Man-in-the-Middle Attacks on Lenovo Computers

It’s not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections.

Leave a Comment

Previous post:

Next post: