Kazakhstan government has started man-in-the-middle attacks on all HTTPS internet traffic in the country by asking end-users to install government-issued certificate authority on all devices in every browser. bugzilla.mozilla.org/show…
πŸ‘︎ 458
πŸ’¬︎
πŸ‘€︎ u/ape_pants
πŸ“…︎ Jul 18 2019
🚨︎ report
Man-in-the-middle attack executed by a 5 year-old
πŸ‘︎ 403
πŸ’¬︎
πŸ‘€︎ u/martin191234
πŸ“…︎ Mar 14 2019
🚨︎ report
Preventing Man-in-the-Middle Attacks in iOS with SSL Pinning raywenderlich.com/1484288…
πŸ‘︎ 84
πŸ’¬︎
πŸ‘€︎ u/g0relics
πŸ“…︎ Oct 04 2019
🚨︎ report
ELI5: Man in the middle attack

I've seen a couple of explanations, but I don't understand it completely. Most explanations go something like this. Alice requests Bob for a key. Bob sends the key back. Eve(attacker) receives bob's key stores it, then sends Alice a different key. when Alice sends bob things, eve can decrypt it since Alice is using Eve's key. Eve then re-encrypts it using bobs key then sends it back to bob. The part I don't understand is why Eve supplies Alice with a different key. Alice already knows bob's key, so couldn't she already intercept Alice's messages and read them?

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/cereal_final
πŸ“…︎ Apr 23 2020
🚨︎ report
Man in the Middle Attack on Email Recipient?

Hi,

So right now we have an external sender who's trying to send an email to one of our employees. But for some reason our employee cannot receive the emails. So I requested for a test email to be sent to me, and the employee CC'd (even email sent to him directly is not received). I was able to receive the email, but the CC'd employee was not able to. I've checked our mail logs in exchange and found no logs whatsoever, except for the email I received. I even consulted the team managing our postfix mail gateway and they said there was no smtp log except mine.

I was wondering if this could be some sort of a man in the middle attack, wherein our employees email address is being spoofed by another person? Also, would it be possible for me to trace what happened to the other CC'd employee through the internet headers of the email I receive?

I appreciate the responses in advance, thanks!

πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/bigwoggadogga
πŸ“…︎ Aug 31 2019
🚨︎ report
Hacking an Audi: performing a man-in-the-middle attack on FlexRay medium.com/@comma_ai/hack…
πŸ‘︎ 9
πŸ’¬︎
πŸ‘€︎ u/commaaiarchive
πŸ“…︎ Mar 03 2020
🚨︎ report
Man-in-the-middle-attack: What is it, How does it work, Anatomy of #MITM attack, Types and Mitigation. thecybersecuritytimes.com…
πŸ‘︎ 2
πŸ’¬︎
πŸ“…︎ Mar 17 2020
🚨︎ report
Hacking an Audi: performing a man-in-the-middle attack on FlexRay medium.com/@comma_ai/hack…
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/PowerOfLove1985
πŸ“…︎ Mar 09 2020
🚨︎ report
Help me remove this man in the middle attack.

I just found out that I’m a victim of a β€œman in the middle attack”. I’ve been trying to find unusual activity happening and I did. I was recently hacked and my accounts were compromised, including emails. I thought it was only my information on the computer that was hacked. I later found on a new email I created that a hacker was searching stuff in my activity. I then left that email alone and made a new one. I then received emails from a fake email from Facebook in German language on my new email saying β€œtrying to login into your account?” or something like that. I never used Facebook on the email. Everyone connected to the network is also receiving these phishing emails and are also being redirected to phishing sites. I formatted the pc that was infected and flashed the bios, but it seems to be happening still. So I’m sure it’s a man in the middle attack. I’ve factory reset the router and reset the firmware twice, still there. We contacted cogeco about this and they said our router is fine. But this activity keeps happening. When I go onto websites the language sometime is defaulted in German but the language in my google settings is English. I don’t know how to remove this β€œman in the middle attack” and would like help to remove this, I’m very worried because I don’t want my whole family to get their accounts compromised and fall for any phishing sites and emails. I’ve been trying to find out what to do by can’t find anything to fix it. Any help would be greatly appreciated.

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/brixyie
πŸ“…︎ Dec 13 2019
🚨︎ report
[Oct 31: 2 months after 8.31 Attack] Man weeps before the police, "We are all Hong Kongers! Why are you treating Hong Kong citizens like this?" Police continue to deploy tear gas to disperse civilians in the area of Prince Edward. A middle-aged man weeps and begs the police... v.redd.it/sn06s1m9thw31
πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/jvmesalexander
πŸ“…︎ Nov 03 2019
🚨︎ report
Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard. New TLS protocol extension will shorten the window an attacker has to perform a man-in-the-middle attack. zdnet.com/article/faceboo…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/tmiklas
πŸ“…︎ Nov 01 2019
🚨︎ report
SSL man-in-the-middle attacks on RDP labs.portcullis.co.uk/blo…
πŸ‘︎ 146
πŸ’¬︎
πŸ‘€︎ u/shinney7
πŸ“…︎ Apr 22 2014
🚨︎ report
It had been some time since my last trip to Rio Bravo. As I suspected some local outlaws had arranged a welcoming party for me in the middle of no-mans land... Lucky for me they where of little experience and had only basic firearms. I took to a vantage point, scanning for signs of another attack.
πŸ‘︎ 15
πŸ’¬︎
πŸ‘€︎ u/isnt_easy
πŸ“…︎ Jul 02 2019
🚨︎ report
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks poal.co/s/Intelligence/10…
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/whitemimeticry
πŸ“…︎ Nov 08 2019
🚨︎ report
Attacking RDP with Seth: Man-in-the-Middle Attacks against Poorly Secured RDP Connections

Today, SySS published a new proof-of-concept video about an old security issue - poorly secured RDP connections.

You can find the video demonstrating successful MitM attacks against RDP connections using the software tool Seth on YouTube: https://www.youtube.com/watch?v=JvvxTNrKV-s

πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/Radi0activeM0use
πŸ“…︎ Apr 18 2019
🚨︎ report
Kazakhstan government has started man-in-the-middle attacks on all HTTPS internet traffic in the country by asking end-users to install government-issued certificate authority on all devices in every browser. bugzilla.mozilla.org/show…
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/quantumcipher
πŸ“…︎ Jul 19 2019
🚨︎ report
Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication – PentestTools pentesttools.net/2018/10/…
πŸ‘︎ 21
πŸ’¬︎
πŸ‘€︎ u/PentestToolz
πŸ“…︎ Oct 19 2018
🚨︎ report
Better protection against Man in the Middle phishing attacks #infosec via @Google https://t.co/npQ90rD1vL

Better protection against Man in the Middle phishing attacks#infosec via @Googlehttps://t.co/npQ90rD1vL

β€” πŸ…°πŸ…·πŸ…» πŸ…²πŸ†ˆπŸ…±πŸ†‚πŸ…΄πŸ…² (@AHCybSec) April 18, 2019

from Twitter @AHCybSec

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/Libfy
πŸ“…︎ Apr 18 2019
🚨︎ report
What is man-in-the-middle attack (MitM)?
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/william-harvey-07
πŸ“…︎ Apr 12 2019
🚨︎ report
Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks bleepingcomputer.com/news…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/europeanwizard
πŸ“…︎ Nov 28 2018
🚨︎ report
Thanks for Tom Nardi's article on Hackaday. Wondering how can hackers build a man-in-the-middle attack by using this microuter? Learn more: https://hackaday.com/2019/02/01/this-tiny-router-could-be-the-next-big-thing/
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/GLiNet_WiFi
πŸ“…︎ Feb 16 2019
🚨︎ report
Man-in-the-middle attack demonstration allowing for the bypass auf 2-factor authentication vimeo.com/281220095
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/lumbdi
πŸ“…︎ Jan 29 2019
🚨︎ report
[CVE-2019-3462] Debian & Ubuntu Fix Man-in-the-Middle Attack in APT Package Manager, Update Now [ENG] news.softpedia.com/news/d…
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/cronos426
πŸ“…︎ Jan 23 2019
🚨︎ report
Man in the Middle attacks kalitut.com/2017/10/man-i…
πŸ‘︎ 41
πŸ’¬︎
πŸ‘€︎ u/WTSxDev
πŸ“…︎ Oct 07 2017
🚨︎ report
Quick question about Man in the middle attack!

Hey guys!

So whenever I see a MITM demonstration or video, people always say that you can create host websites that look exactly like other websites to get the passwords. What I'm curious about, is why don't you just request the original website with https, and then serve it back to the user over http (or maybe spoof a https cert).

Then when a user enters data (like username / password) and sends a request, you simply save the request locally and also forward it to the original website, and then return the response to the user.

Hopefully that makes sense. It seems like if a user had full access to the original website then you could get a lot more information than just their username/password.

Is it not possible? I feel like people would have already done something like this if it was possible.

Thanks a ton!

πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/JarofHearts
πŸ“…︎ Jan 04 2017
🚨︎ report
Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication – PentestTools pentesttools.net/2018/10/…
πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/PentestToolz
πŸ“…︎ Oct 19 2018
🚨︎ report
Man in the Middle iOS Attacks: The Danger of Relying on a Single Layer of Security medium.com/@jonluca/man-i…
πŸ‘︎ 44
πŸ’¬︎
πŸ‘€︎ u/JonLuca
πŸ“…︎ May 26 2017
🚨︎ report
Possible man-in-the-middle attack

So I'm trying send some btc to an exchange. I'd read about the possibility of a man-in-the-middle attack, so I was glad to see that Ledger now requires you to check the receiving address on the device itself.

The first confirmation shows the correct amount and correct receiving address. But the second confirmation suddenly shows a different amount and a different receiving address.

So I obviously cancelled and tried again, but the same thing happens. The new amount was considerably smaller than the first in this case.

I decided to try again, this time sending a smaller amount. Again, the first confirmation shows the right address and the right amount, but the second confirmation shows a different address (but the same one as the previous two times) and the amount had changed to a figure 13 times larger.

What's going on here? Is it a man-in-the-middle attack? If so, how could it work if only 1 of the 2 transaction confirmations seemed to be affected?

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/redscrog
πŸ“…︎ Feb 22 2018
🚨︎ report
My brother tried to explain the Man in the Middle attack while we were drunk. I understand it now
πŸ‘︎ 10
πŸ’¬︎
πŸ‘€︎ u/carvinbutter
πŸ“…︎ Apr 13 2017
🚨︎ report
Does IPFS make man-in-the-middle attacks impossible?
πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/Kirstblu
πŸ“…︎ Feb 29 2016
🚨︎ report
Advanced SQL Server Man-in-the-Middle Attacks blog.blindspotsecurity.co…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/imr2017
πŸ“…︎ Dec 29 2017
🚨︎ report
MAn GeTs aTTackEd By DemOn iN hiS HoME in ThE mIddle oF thE NighT v.redd.it/r6waplifuhr31
πŸ‘︎ 190
πŸ’¬︎
πŸ‘€︎ u/GhostMic30
πŸ“…︎ Oct 09 2019
🚨︎ report
Man in the Middle attacks kalitut.com/2017/10/man-i…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/WTSxDev
πŸ“…︎ Oct 10 2017
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.