What is a Man-in-the-Middle Attack?
Unlike phishing and pharming attacks, man-in-the-middle attacks are designed to defeat two-factor authentication, also known as strong authentication. A man-in-the-middle attack passes all data from the end user to the legitimate web site while recording the entire transaction. The user really does connect to the legitimate web server, but only by way of a malicious server that sits in between and records everything the user does. In some cases the attacker lets the user log in, including answering the two-factor challenge, and once the connection has been made, sends the user a page saying the site is unavailable, possibly for maintenance. While the user thinks the session is over, the attacker can continue the already logged-in session. In this way the malicious individual completely negates the authentication process.
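Because every victim of such a relay reaches the legitimate site from the malicious server's address, one signal a site operator can look for is several distinct accounts completing two-factor login from a single source within a short time. The following is an added example, not part of the original page; the log format, event names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source IP> <account> <event>".
SAMPLE_LOG = """\
2024-05-01T09:00:05 198.51.100.20 alice 2fa_ok
2024-05-01T09:01:10 203.0.113.7 bob 2fa_ok
2024-05-01T09:03:42 203.0.113.7 carol 2fa_ok
2024-05-01T09:04:00 203.0.113.7 carol transfer
2024-05-01T09:09:15 203.0.113.7 dave 2fa_ok
2024-05-01T13:00:00 192.0.2.44 erin 2fa_ok
2024-05-01T15:00:00 192.0.2.44 frank 2fa_ok
2024-05-01T18:00:00 192.0.2.44 grace 2fa_ok
"""

def parse(log_text):
    """Yield (time, ip, account, event) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def flag_relay_sources(log_text, min_accounts=3, window=timedelta(minutes=15)):
    """Return {ip: sorted accounts} for sources where at least min_accounts
    distinct accounts completed two-factor login within one time window."""
    logins = defaultdict(list)
    for when, ip, account, event in parse(log_text):
        if event == "2fa_ok":
            logins[ip].append((when, account))
    flagged = {}
    for ip, events in logins.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    print(flag_relay_sources(SAMPLE_LOG))
```

Shared NAT gateways and corporate proxies produce the same pattern, so a hit is a lead for triage rather than proof of a relay.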
For more information on man-in-the-middle attacks, or to learn how to protect yourself from internet scams, visit www.tracesecurity.com.



