Man-in-the-middle attack

Data theft positioned between sender and receiver

Man-in-the-middle attacks are a form of data theft, carried out by the attacker being positioned between the victim and wherever they are sending their data.

The most common implementation is where an attacker bypasses online banking security by receiving login and transaction information, passes it on to the banking site with any required alterations, and sends the banking site's details back to the victim, again with minor alterations so the victim is unaware of the attack.

Man-in-the-middle techniques are particularly difficult to detect and protect against, as they usually take place on a different system from the victim and their bank. It is also possible to bypass strong security measures such as two-factor authentication and one-time passwords using such techniques.

Glossary


	Similar entries Browser Helper Object Buffer overflow Command and control Cookie False positive Greyware Hacker tool Hosts file Open redirect Potentially unwanted Riskware Rogue anti-malware Social engineering Stack overflow Vulnerability Web bug Zero-day exploit See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Jobs


	In Virus Bulletin's jobs pages among others: Software Engineer (Broomfield, Colorado, United States) Security Response Engineer (Dublin, Ireland)

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

Man-in-the-middle attack

See also