Man-in-the-middle
Suppose you are chatting with your girlfriend via an IM client. Her ex-boyfriend wants to view the messages you exchange, so he makes independent connections with both of you and sniffs your messages. He also sends messages to you and your girlfriend, acting as an invisible intermediary in your communication. That is known as a man-in-the-middle attack. A man-in-the-middle attack is easier against unencrypted connections, because the intruder can read the packets directly. When the connection is encrypted, the attacker first has to decrypt the captured data, which may be far too difficult.
From a technical aspect, the attacker intercepts a public-key message exchange and sends the message while replacing the requested key with his own.
Obviously, a solid strategy to make the attacker's job difficult is to run WebSockets over an encrypted transport (SSL/TLS). Especially when exchanging critical data, prefer the secure WSS connection over the unencrypted WS one.
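The following is an added example, not code from the book or its chat application. It shows how a client can derive its WebSocket endpoint from the page's own protocol so that a page served over HTTPS always opens a `wss://` connection, refuses a plaintext `ws://` connection to anything but a loopback host, and audits a list of configured endpoints for unencrypted ones. The host `chat.example.com`, the path `/chat` and the helper names are assumptions for the example.

```javascript
// Added example (not from the book): choosing an encrypted WebSocket endpoint.

// Hosts where plaintext ws:// is tolerated, i.e. local development only.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// A page served over https must talk to the chat server over wss; browsers
// treat a ws:// connection from an https page as blocked mixed content anyway.
function socketScheme(pageProtocol) {
  return pageProtocol === "https:" ? "wss:" : "ws:";
}

// Builds the WebSocket URL for the chat client. Throws rather than sending
// chat traffic in the clear to a remote host, which is exactly the situation
// a man-in-the-middle can sniff.
function buildSocketUrl(pageProtocol, host, path = "/chat") {
  const scheme = socketScheme(pageProtocol);
  if (scheme === "ws:" && !LOOPBACK_HOSTS.has(host)) {
    throw new Error(
      `refusing plaintext WebSocket to ${host}; serve the page over https and use wss://`
    );
  }
  return `${scheme}//${host}${path}`;
}

// Audit helper: given the endpoints a client is configured with, returns the
// ones that would carry messages unencrypted.
function findPlaintextEndpoints(urls) {
  return urls.filter((u) => new URL(u).protocol === "ws:");
}

// Weak configuration beside the corrected one (constructed sample values).
const WEAK_ENDPOINT = "ws://chat.example.com/chat";       // readable by a sniffer
const SECURE_ENDPOINT = "wss://chat.example.com/chat";    // encrypted with TLS

// Stand-alone usage: in a browser you would pass location.protocol and
// location.host instead of these constructed values.
function demo() {
  const url = buildSocketUrl("https:", "chat.example.com");
  const weak = findPlaintextEndpoints([WEAK_ENDPOINT, SECURE_ENDPOINT]);
  return { url, weak };
}
```

In a real page, `buildSocketUrl(location.protocol, location.host)` yields the URL passed to `new WebSocket(...)`; the audit helper is useful for a quick check of a configuration file or environment before deployment.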
The following figure describes how the spy interferes and acquires data:

[Figure: Man-in-the-middle attack]
XSS
Cross-site scripting (XSS) is a vulnerability that enables attackers to inject client-side scripts into web pages or applications. An attacker can send HTML or JavaScript code through your application's message hubs and have that code executed on the clients' machines.
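As an added example that is not part of the book's chat application, here is the rendering step where a WebSocket chat client typically becomes vulnerable: a received message is concatenated into markup and assigned to `innerHTML`, so any tags in the message become live HTML. The hardened version escapes every untrusted field before it reaches the DOM. The function names and the sample message are assumptions constructed for the example.

```javascript
// Added example (not from the book): rendering chat messages without XSS.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replaces the five characters that can change HTML structure or break out of
// an attribute, so the browser displays them instead of interpreting them.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: sender and text come straight from the WebSocket message and are
// interpolated into markup. Assigning this string to innerHTML executes any
// script or event handler the sender included.
function renderMessageUnsafe(sender, text) {
  return `<li><strong>${sender}:</strong> ${text}</li>`;
}

// Hardened: every untrusted field is escaped, so a message containing markup
// is shown verbatim as text.
function renderMessageSafe(sender, text) {
  return `<li><strong>${escapeHtml(sender)}:</strong> ${escapeHtml(text)}</li>`;
}

// Browser-only alternative that avoids building HTML strings at all: create
// elements and set textContent, which never parses its input as markup.
function appendMessage(listElement, sender, text) {
  const item = document.createElement("li");
  const who = document.createElement("strong");
  who.textContent = `${sender}:`;
  item.appendChild(who);
  item.appendChild(document.createTextNode(` ${text}`));
  listElement.appendChild(item);
  return item;
}

// Constructed sample message, as it might arrive over the socket as JSON.
const SAMPLE_MESSAGE = JSON.stringify({
  sender: "ex",
  text: '<script>alert("xss")</script>',
});

// Shows the difference on the sample: the unsafe output still contains a raw
// <script> tag, the safe output does not.
function compareRenderings(rawJson) {
  const msg = JSON.parse(rawJson);
  return {
    unsafe: renderMessageUnsafe(msg.sender, msg.text),
    safe: renderMessageSafe(msg.sender, msg.text),
  };
}
```

In the chat client's `socket.onmessage` handler, use `appendMessage(list, msg.sender, msg.text)` or `renderMessageSafe` rather than concatenating the received fields into `innerHTML`; the escaping belongs on the output side, on every client, regardless of what the server validated.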
You may encounter the simplest form of an XSS attack when filling in a web form. Imagine that someone sends the following data using the chat application we developed: