Friday, September 07, 2007

Man-in-the-middle Attack

This site has a pretty good explanation of a Man-In-The-Middle attack and different ways of doing this.

Man-in-the-middle Attack

This page explains how SSL might not always prevent man-in-the-middle attacks:

SSL not preventing man-in-the-middle attacks

Computer Weekly says RSA warns of more man-in-the-middle attacks as of August 15, 2007 due to free phishing kits being circulated:
Man-in-the-middle on the rise

I suggest the federal government puts out a free phishing tool - that sends the phishers details to the FBI.

This page suggests Firefox extensions are subject to Man-In-The-Middle attacks:
Firefox Man-In-The-Middle vulnerability

What we need are some good patterns out there to prevent this type of thing at all levels - network, application, and server configuration.

Also what is the fastest way to spot a man-in-the-middle attack?