Bruce Schneier has an interesting post about man-in-the-middle attacks. These are situations in which party A and party B are trying to exchange sensitive information privately (for instance, credit card numbers or orders for moving hostages) without realizing that party E is in between them, pretending to be party A to party B, and vice versa.
The attack model has been mentioned here before in the context of cellular phones. It is rather more interesting in the context of the Betancourt rescue from the FARC.
Author: Milan
In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford.
Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.
View all posts by Milan
MITM Implementation Examples
* dsniff – A tool for SSL MITM attacks
* Cain – A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
* Ettercap – A tool for LAN based MITM attacks
* Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
* AirJack – A tool that demonstrates 802.11 based MITM attacks
* wsniff – A tool for 802.11 HTTP/HTTPS based MITM attacks
* an additional card reader and a method to intercept key-presses on an Automated teller machine
Man-in-the-Middle Attacks on Lenovo Computers
It’s not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections.