olemus
suhtluspoolte teabevahetust manipuleeriv rünne

ISO/IEC 29115:
rünne, mille tegija saab pooltevahelisi
sõnumeid salaja lugeda, lisada ja muuta
= attack in which an attacker is able to read, insert, and modify messages between two parties without their knowledge

näide
autentimisprotseduuri aktiivne pealtkuulamisrünne:
ründaja muudab edastatavaid andmeid ja
teeskleb tundliku teabe saamiseks üht sidepooltest:
kui ta vahetab ühe poole avaliku võtme enda omaga,
saab ta dekrüpteerida tollele saadetud krüptogrammi

ülevaateid
https://en.wikipedia.org/wiki/Man-in-the-middle_attack

https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf

https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html

https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-ornaghi-valleri.pdf

http://www.cs.ru.nl/bachelorscripties/2015/Ronnie_Swanink___4382838___Persistent-effects-of-man-in-the-middle-attacks.pdf

https://explore.avertium.com/resource/mitm-attacks-evilproxy-and-evilginx

tõrje
https://www.itgovernance.eu/blog/en/how-to-defend-against-man-in-the-middle-attacks

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks

https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/

https://securitygladiators.com/man-in-the-middle-attacks/

https://www.clickssl.net/blog/how-to-stay-safe-against-the-man-in-the-middle-attack

https://www.varonis.com/blog/man-in-the-middle-attack/

vt ka
- brauseripete
- meilipete
- mobiilipete