AKIT
English Eesti

man-in-the-middle attack

vahendusrünne

olemus
suhtluspoolte teabevahetust manipuleeriv rünne

ISO/IEC 29115:
rünne, mille sooritaja saab kahe poole vahelisi
sõnumeid salaja lugeda, lisada ja muuta

näide
autentimisprotseduuri aktiivne pealtkuulamisrünne:
- ründaja muudab edastatavaid andmeid ja
- teeskleb tundliku teabe saamiseks üht sidepooltest
- kui ta vahetab ühe poole avaliku võtme enda omaga,
saab ta dekrüpteerida tollele saadetud krüptogrammi

ülevaateid
https://www.slideshare.net/DeepakUpadhyay14/man-in-the-middle-attack-73983358

https://www.slideshare.net/apurv_verma007/man-in-the-middle-35374464

https://www.owasp.org/index.php/Man-in-the-middle_attack

https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf

https://www.sans.org/reading-room/whitepapers/threats/ssl-man-in-the-middle-attacks-480

https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html

https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-ornaghi-valleri.pdf

http://www.cs.ru.nl/bachelorscripties/2015/Ronnie_Swanink___4382838___Persistent-effects-of-man-in-the-middle-attacks.pdf

tõrje
http://www.computerweekly.com/tip/Man-in-the-middle-attack-prevention-strategies

https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks

https://www.slideshare.net/nowsecure/cutting-out-the-middleman-maninthemiddle-attacks-and-prevention-for-mobile-apps

https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/

https://securitygladiators.com/man-in-the-middle-attacks/

https://www.clickssl.net/blog/how-to-stay-safe-against-the-man-in-the-middle-attack

vt ka
- brauseripete
- mobiilipete