Get the LinuxSecurity news you want faster with RSS
Powered By
Security Dictionary
Can't tell 'smtp' from 'snmp'? Find the precise meaning of these and hundreds of other security-related terms in our convenient and up-to-date Security Dictionary.
man-in-the-middle
(I) A form of active wiretapping attack in which the attacker
intercepts and selectively modifies communicated data in order to
masquerade as one or more of the entities involved in a
communication association. (See: hijack attack, piggyback attack.)
(C) For example, suppose Alice and Bob try to establish a session
key by using the Diffie-Hellman algorithm without data origin
authentication service. A "man in the middle" could (a) block
direct communication between Alice and Bob and then (b) masquerade
as Alice sending data to Bob, (c) masquerade as Bob sending data
to Alice, (d) establish separate session keys with each of them,
and (e) function as a clandestine proxy server between them in
order to capture or modify sensitive information that Alice and
Bob think they are sending only to each other.
