Understanding Computer Network Security Part 3: Man in the Middle
This post is part of a series about computer network security.
Today's lesson in computer network security begins with a basic knowledge of public key encryption. Public key encryption is how it is possible for me to tell you some information over an insecure channel (the internet), and be able to obscure that information from an attacker, without ever using a private channel. This can be a REALLY hard concept to wrap your head around, and there's a lot more to it than what I'm covering here, if you wan't, you can view this awesome khan academy regarding public key encryption.
What you do need to know about public key encryption is that it is the secret sauce that protects passwords, credit cards, bank account info, and virtually anything getting transmitted over the internet. The main idea is that if you have a public key and a private key, and I have a public key and a private key, we can exchange information safely. Each key is a essentially a random set of characters, the public key is shared, the private key is not.
Well what if I use the tactics described in my previous post to replace a website's public key with my own public key? Well then I have effectively tricked you into encrypting all of your data in a format that only I can read, and once I send it off to the website you were trying to access, no one will be any the wiser, sort of...
So how can you protect against getting wrapped up into a MitM attack? Well there are a number of ways
- Avoid doing sensitive transactions over public WiFi, watch movies, browse the internet, but don't move your money around, check your credit card statement, etc.
- If you see this red warning, keep in mind that someone might be trying to spy on you, and your sensitive data may not be safe.