paint-brush
Glossary of Security Terms: MitMby@mozilla
109 reads

Glossary of Security Terms: MitM

by Mozilla ContributorsSeptember 6th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

A Man-in-the-middle attack intercepts a communication between two systems. MITM attacks are tough to defend. Public-Key-Pins (HPKP) can significantly decrease the risk of MITM by instructing browsers to require a whitelisted certificate for all subsequent connections to that website. Check for HTTPS in your address bar and ensure encryption is in-place before logging in. Don't just ignore certificate warnings. You could be connecting to a phishing server or an imposter server.

Company Mentioned

Mention Thumbnail
featured image - Glossary of Security Terms: MitM
Mozilla Contributors HackerNoon profile picture

A Man-in-the-middle attack (MitM) intercepts a communication between two systems. For example, a Wi-Fi router can be compromised.

Comparing this to physical mail: If you're writing letters to each other, the mailman can intercept each letter you mail. They open it, read it, eventually modify it, and then repackage the letter and only then send it to whom you intended to sent the letter for. The original recipient would then mail you a letter back, and the mailman would again open the letter, read it, eventually modify it, repackage it, and give it to you. You wouldn't know there's a man in the middle in your communication channel – the mailman is invisible to you and to your recipient.

In physical mail and in online communication, MITM attacks are tough to defend. A few tips:

  • Don't just ignore certificate warnings. You could be connecting to a phishing server or an imposter server.
  • Sensitive sites without HTTPS encryption on public Wi-Fi networks aren't trustworthy.
  • Check for HTTPS in your address bar and ensure encryption is in-place before logging in.

Learn more

View Previous Terms: