Talk:Man-in-the-middle attack: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Howard C. Berkowitz
(Starting comments)
 
imported>Sandy Harris
 
(2 intermediate revisions by 2 users not shown)
Line 8: Line 8:


[[User:Howard C. Berkowitz|Howard C. Berkowitz]] 10:59, 15 October 2008 (UTC)
[[User:Howard C. Berkowitz|Howard C. Berkowitz]] 10:59, 15 October 2008 (UTC)
==Looks pretty good==
If we follow the principle of putting specific techniques/case study detail in subarticles, this is about ready other than flow and copy edit. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 08:22, 14 June 2010 (UTC)
== Facebook as m-i-t-m attack? ==
They collect data you send to your friends and use it for their own purposes. That is not tehnically m-i-t-m. but privacy advocates don't like it.
[http://www.itworld.com/it-managementstrategy/247344/facebooks-man-middle-attack-our-data] [[User:Sandy Harris|Sandy Harris]] 05:27, 7 February 2012 (UTC)
== A Cert Authority admits issuing m-i-t-m certs ==
Intent was allegedly to allow corporate security at a client company to monitor their network. [http://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972]. Company claims other CAs also do this. [[User:Sandy Harris|Sandy Harris]] 03:19, 13 February 2012 (UTC)

Latest revision as of 21:19, 12 February 2012

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
To learn how to update the categories for this article, see here. To update categories, edit the metadata template.
 Definition An attack on a communications system in which the attacker deceives the communicating parties so they both talk to him while believing they are talking to each other. [d] [e]
Checklist and Archives
 Workgroup categories Mathematics, Computers and Military [Categories OK]
 Subgroup category:  Security
 Talk Archive none  English language variant Canadian English

Some things needed

Definitely, some sourcing, and some specific examples, are needed. As the creator, you get to assign the language variant. A definition will be needed.

While it is possible to go to approval without all links being blue, it helps to minimize them. Definitely, the crypto-specific terms used in the definition, such as active attack, need definitions. You may want to have some graphics explaining the sequence; while the article itself is very much in draft, look at Domain Name System security for examples of showing how threats build up, or a simpler step-by-step in anycast -- they are in a PowerPoint file if you'd like it as a template.

Especially when devices such as ATM switches or routers are in the path, and themselves may not run any of the crypto, you need to show how the flow goes to a proxying man-in-the-middle box.

Howard C. Berkowitz 10:59, 15 October 2008 (UTC)

Looks pretty good

If we follow the principle of putting specific techniques/case study detail in subarticles, this is about ready other than flow and copy edit. Howard C. Berkowitz 08:22, 14 June 2010 (UTC)

Facebook as m-i-t-m attack?

They collect data you send to your friends and use it for their own purposes. That is not tehnically m-i-t-m. but privacy advocates don't like it. [1] Sandy Harris 05:27, 7 February 2012 (UTC)

A Cert Authority admits issuing m-i-t-m certs

Intent was allegedly to allow corporate security at a client company to monitor their network. [2]. Company claims other CAs also do this. Sandy Harris 03:19, 13 February 2012 (UTC)