Getting into the midst of an association – aka MITM – is trivially simple

One of many things the SSL/TLS industry fails worst at is explaining the viability of, and risk posed by Man-in-the-Middle (MITM) assaults. I understand this it first-hand and possibly even contributed to the problem at points (I do write other things besides just Hashed Out) because I have seen.

Clearly, you realize that the attack that is man-in-the-Middle whenever a third-party puts itself in the exact middle of a connection. So it’s usually presented in the simplest iteration possible—usually in the context of a public WiFi network that it can be easily understood.

But there’s much more to attacks that are man-in-the-Middle including precisely how effortless it really is to pull one down.

Therefore today we’re planning to unmask the Man-in-the-Middle, this short article be considered a precursor to the next white paper by that same title. We’ll talk in what a MITM is, the way they really occur and then we’ll link the dots and mention exactly how HTTPS that is important is defending from this. Read More