You Me and the "Man In The Middle" Attack

Who is the man in the middle, and what does he want? A MITM is a type of attack in which an attacker running some piece of software sits between you (or your computer) and the party you think you are talking to. Each side believes it is communicating directly with the other, while every message actually passes through the attacker, who can read or alter it on the way.

A Fictitious Example:
Imagine, for example, that someone hijacked your ISP's local DNS server so that it tells you safe-online-store.com is at the IP address 1.2.3.4, while the real safe-online-store.com is at 1.2.4.3. This evil-doer has also made sure that a computer of his sits at 1.2.3.4 and relays everything you send on to 1.2.4.3, logged in as you with the credentials you just typed. The sale goes through, so you never notice the extra second it took for evil-hacker.com at 1.2.3.4 to act as your messenger and record every byte of credit card information you sent.

The most delicate steps are the ones at the start of a supposedly secure connection, when the two sides are still working out who they are talking to; that is where systems are most vulnerable to this sort of attack. Worse, as the example shows, the man behind the curtain is hard to notice even if you are paranoid and drink eight double espressos a day, because everything still works. A MITM looks much like an ordinary proxy server, whose sole purpose is to sit in the path and catch and store traffic to save your computer time the next time it looks for something; the difference lies only in what the box in the middle does with what it sees.

So there is no way to communicate securely? Not quite. There are things you can do to greatly reduce the possibility of a MITM attack. For a start, before sending anything sensitive you can check that the certificate you receive was issued by a trusted CA (certificate authority) and is for the site you meant to visit; a relay at 1.2.3.4 cannot present a valid certificate for safe-online-store.com unless the CA or the store's private key has been compromised. You can also have your computer query several independent DNS servers and compare ("triangulate") the answers they give. Unfortunately most applications currently do neither and simply trust the first answer they get.

Before you run out and buy certificates by the dozen, it is worth noting that even without the little security icon in the browser you can still have secure communication, for instance when a CGI or Java application encrypts its own traffic. There is no software system that guarantees security, least of all across the web. The best you can do is check that there is a "reasonable" amount of it.

For instance, when I buy something online I talk to people I trust who have bought from the company before, I check that the company has been around for a while, I do a DNS lookup (and compare the IP addresses I get) to make sure I am looking at the right site, then I look at their certificate, then I make sure they are running a current version of Apache or another good web server and that my order will be sent over HTTPS, and then I make sure I am required to enter the security code from my credit card.

Those are just some basic things that anyone can (and should) do to make sure the company at least has a legitimate appearance. The only secure computer is one that is turned off, has no way to be turned on, has no physical connections, and is buried under a steel-reinforced slab of concrete =P

So, in response to the question: how do apps prevent MITM attacks?

If you are running the app on your own network, one model is to distribute keys or certificates through a channel other than the application itself, and then have the application compare whatever key or certificate it downloads over the network against the copy it was given, instead of trusting the downloaded one outright.

So you can copy ten public 4096-bit keys or certificates to your ten servers during configuration, before the app is ever used. The copying channel has to be one you trust, so prefer SCP or SFTP over plain FTP, which sends everything in the clear to exactly the kind of man in the middle you are trying to defeat. Another way is to put them on USB key chains and walk them to each machine. You can also look at the Byzantine Generals problem as an analogy to the problem.
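Here is what that model looks like in code, as an added example written for this page rather than taken from the article or from any product it names: a Go program that replays the article's scenario on the loopback interface. The SHA-256 fingerprint of the store's certificate is the value the out-of-band channel carries; the client compares the fingerprint of whatever certificate it is shown against that pin instead of asking a CA. The host names, the throwaway self-signed certificates and the two loopback listeners are all constructed for the demonstration and are not real services.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// startServer mints a throwaway self-signed certificate for name, serves it on a random
// loopback port, and returns the SHA-256 pin that the out-of-band channel carries to clients.
func startServer(name string) (net.Listener, [32]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, [32]byte{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, [32]byte{}, err
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, [32]byte{}, err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return // listener closed by the caller
			}
			// Finish the handshake so the client side completes, then hang up.
			go func() { conn.(*tls.Conn).Handshake(); conn.Close() }()
		}
	}()
	return ln, sha256.Sum256(der), nil
}

// pinVerifier accepts the server only if the SHA-256 of its leaf certificate equals the
// pin received out of band; the compare is constant time and a missing certificate is refused.
func pinVerifier(pin [32]byte) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("server presented no certificate")
		}
		got := sha256.Sum256(rawCerts[0])
		if subtle.ConstantTimeCompare(got[:], pin[:]) != 1 {
			return fmt.Errorf("certificate fingerprint %x does not match the pin", got)
		}
		return nil
	}
}

// dial connects to addr and runs verify on the presented chain. A nil verify means the client
// trusts whatever answers, which is the article's shopper once DNS has been poisoned.
func dial(addr string, verify func([][]byte, [][]*x509.Certificate) error) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		InsecureSkipVerify:    true, // no CA chain check: the pin (or nothing) is the root of trust
		VerifyPeerCertificate: verify,
	})
	if err != nil {
		return err
	}
	return conn.Close()
}

// Scenario plays the article's example: the client pins safe-online-store.com's genuine
// certificate, and a second listener with its own certificate is evil-hacker.com at 1.2.3.4.
func Scenario() (pinnedAcceptsGenuine, pinnedRejectsMITM, naiveAcceptsMITM bool, err error) {
	genuineLn, pin, err := startServer("safe-online-store.com")
	if err != nil {
		return
	}
	defer genuineLn.Close()
	mitmLn, _, err := startServer("safe-online-store.com") // attacker's own cert; the name is his to choose
	if err != nil {
		return
	}
	defer mitmLn.Close()
	pinnedAcceptsGenuine = dial(genuineLn.Addr().String(), pinVerifier(pin)) == nil
	pinnedRejectsMITM = dial(mitmLn.Addr().String(), pinVerifier(pin)) != nil
	naiveAcceptsMITM = dial(mitmLn.Addr().String(), nil) == nil
	return
}
```

Calling Scenario() from a main or a test gives true, true, true: the pinned client accepts the genuine listener, refuses the impostor even though the impostor's certificate carries the right name, and the client with no pin completes a handshake with the impostor without complaint. In a real deployment the pin is what you SCP to each server or carry on the USB key, and it has to be reissued whenever the certificate is.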



The best solution for software (and possibly for a revision of HTTPS) is to borrow from the Byzantine Generals and form a circle of trust between computers. In other words, your client contacts some number x of servers picked at random from a list it holds, then checks that they all return the same answer before acting on it. This is the "triangulation" of your results mentioned above. It only helps if the servers are genuinely independent (x copies of the same poisoned ISP resolver will agree with one another perfectly) and if the attacker does not control most of the servers the client happens to pick.
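As an added example written for this page, not code from the article, here is the "triangulation" vote in Go. The resolvers are constructed stand-ins that answer from a fixed table (there is no network lookup), using the article's own addresses: 1.2.4.3 for the real store and 1.2.3.4 for the attacker's relay. The three scenarios show the vote succeeding against one hijacked resolver, electing the attacker once he controls a majority, and refusing to guess when the answers split.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Resolver is one DNS server the client can ask; Lookup returns that server's answer for
// host. Everything here is a constructed stand-in answering from a fixed table.
type Resolver struct {
	Name   string
	Lookup func(host string) (string, error)
}

// fixed builds a resolver that gives the same answer for every name.
func fixed(name, ip string) Resolver {
	return Resolver{Name: name, Lookup: func(string) (string, error) { return ip, nil }}
}

// Triangulate asks every resolver for host and accepts an address only when a strict
// majority of those asked agree on it. Servers that fail never count as a vote but still
// count toward the size of the majority needed, and a split with no majority is refused
// rather than settled by a guess, since a coin flip between two answers is what the attacker hopes for.
func Triangulate(host string, resolvers []Resolver) (addr string, dissenters []string, err error) {
	votes := map[string][]string{} // address -> names of the resolvers that gave it
	var failed []string
	for _, r := range resolvers {
		ip, lerr := r.Lookup(host)
		if lerr != nil {
			failed = append(failed, r.Name)
			continue
		}
		votes[ip] = append(votes[ip], r.Name)
	}
	need := len(resolvers)/2 + 1
	for ip, names := range votes {
		if len(names) < need {
			continue // at most one address can reach a strict majority
		}
		dissenters = append(dissenters, failed...)
		for other, ns := range votes {
			if other != ip {
				dissenters = append(dissenters, ns...)
			}
		}
		sort.Strings(dissenters)
		return ip, dissenters, nil
	}
	return "", nil, fmt.Errorf("no majority for %s among %d resolvers (votes %v, failed %v): refusing to connect",
		host, len(resolvers), votes, failed)
}

// The article's addresses: 1.2.4.3 is the real store, 1.2.3.4 the attacker's relay. The ISP
// resolver is the one the attacker hijacked; the "public" ones stand in for independent
// resolvers elsewhere. All of them are constructed, not real services.
var (
	isp     = fixed("isp-dns", "1.2.3.4")  // hijacked
	publicA = fixed("public-a", "1.2.4.3") // honest
	publicB = fixed("public-b", "1.2.4.3") // honest
	publicC = fixed("public-c", "1.2.3.4") // hijacked too, in the worst case below
	down    = Resolver{Name: "down", Lookup: func(string) (string, error) { return "", errors.New("timeout") }}
)

// OneHijacked is the article's case: the two honest resolvers outvote the ISP.
func OneHijacked() (string, []string, error) {
	return Triangulate("safe-online-store.com", []Resolver{isp, publicA, publicB})
}

// TwoHijacked is the limit of the technique: once the attacker controls a majority of the
// servers the client happens to ask, the vote elects his relay.
func TwoHijacked() (string, []string, error) {
	return Triangulate("safe-online-store.com", []Resolver{isp, publicC, publicA})
}

// Split is two against two with a fifth resolver down: no majority, so no answer.
func Split() (string, []string, error) {
	return Triangulate("safe-online-store.com", []Resolver{isp, publicC, publicA, publicB, down})
}

func main() {
	for _, run := range []func() (string, []string, error){OneHijacked, TwoHijacked, Split} {
		addr, dissent, err := run()
		fmt.Printf("addr=%q dissenters=%v err=%v\n", addr, dissent, err)
	}
}
```

OneHijacked returns 1.2.4.3 with isp-dns reported as the dissenter; TwoHijacked returns the attacker's 1.2.3.4 with the lone honest resolver as the dissenter, which is why the list of servers has to be independent and not all reachable through the same hijacked path; Split returns an error and no address at all.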

Copyright 2003-2005 Avitar.net. Avitar.Net TM. All Rights Reserved.