The term man in the middle (MitM) denotes an attack on network communication and its encryption. The attacker is a third host that transparently forwards digital information, acting as a gateway between two or more communication partners while spying on the traffic at the same time. The sender and recipient are unaware that a third host sits between them and that they are not actually communicating directly.

As web users we are exposed to all kinds of threats. Whenever we are connected, there will be malicious attacks that seek to access our data by taking advantage of vulnerabilities in the communications that we establish every day.

Let’s say you connect to a WiFi network on the street to calmly check your social networks and your email. If the WiFi network is not encrypted or protected in some way, a malicious hacker can intercept communications between your computer or smartphone and the WiFi network, gaining access to everything you do.

The two most common types of MitM attacks are SSL stripping and SSL bumping. SSL stripping bypasses the automatic redirection to HTTPS that keeps connections secure, while SSL bumping uses fake SSL certificates to trick applications and web browsers into thinking they are using private web connections.

There are some measures we can take to protect ourselves from MitM attacks. It must be said that these methods are not 100% infallible, but they improve our chances.

▸Activate two-step verification

In this way you will improve your protection when surfing the net, as many services have begun to offer two-factor verification to increase the security of access to user accounts.

▸Always use HTTPS

Every time you visit a page on the network, make sure the address shows HTTPS instead of HTTP, and if it doesn’t, type it in manually. This doesn’t protect you from client-side vulnerabilities, or from sites that haven’t patched Heartbleed if they were affected, but it does at least prevent less sophisticated attacks from intercepting your communications.
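
The missing redirect that SSL stripping leaves behind, and the HTTP address the user is told to watch for, can both be checked in a captured response to a plain-HTTP request. The following is an added example, not part of the original article; the host `shop.example`, the two sample responses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed responses to "GET /login" sent over plain HTTP to shop.example.
# DIRECT: what the site itself answers. INTERCEPTED: what arrives when a host
# in the middle has fetched the HTTPS page and handed it on over HTTP.
DIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
          b"Location: https://shop.example/login\r\n\r\n")
INTERCEPTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               b'<form method="post" action="http://shop.example/login">'
               b'<input name="password" type="password"></form>')

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("iso-8859-1")

def check_http_upgrade(raw):
    """Classify what a client received after asking for a page over HTTP."""
    status, headers, body = parse_response(raw)
    if status in REDIRECTS:
        # The automatic redirection is present; it must point at HTTPS.
        target = urlsplit(headers.get("location", ""))
        return "upgraded" if target.scheme == "https" else "redirect-not-https"
    # No redirect: the page itself arrived unencrypted. A form that posts to
    # an http:// address would send whatever is typed into it in the clear.
    forms = re.findall(r'<form[^>]*\baction="(http://[^"]+)"', body, re.I)
    return "cleartext-form" if forms else "served-in-clear"

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("intercepted", INTERCEPTED)):
        print(name, "->", check_http_upgrade(raw))
```

A site that never redirects to HTTPS on its own gives the same "served-in-clear" result, so the verdict says the connection is unprotected, not who is responsible.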

