Man-in-the-Middle Attacks: Helping to Eliminate the Threat Without Impacting the Business
Well known in the cryptography community, Man-In-The-Middle (MITM) attacks have long been recognized as a potential threat to Web-based transactions by security experts. But in the summer of 2006, and ongoing through 2008 and beyond, these attacks became much more widely recognized as a serious and real threat when a large, global financial institution's business customers were targeted by attackers using MITM tactics. Leveraging one of the most serious methods of compromising Web transactions, MITM attackers "Get in the middle" - or between a customer and a legitimate Web-based application. From this position, they intercept all communications and can not only observe but also modify transactions.