man-in-the-middle

How to protect the WS-Discovery ad hoc network from man-in-the-middle attacks

The WS-Discovery specifications explain how to protect your network from message alteration, denial of service, replay, and spoofing, but what about man-in-the-middle attacks? ...

Man in Middle attack - Can such an attack occur if symmetric keys are used?

If we consider a man-in-the-middle attack, can such an attack occur if symmetric keys are used? ...

Capturing HTTPS traffic in the clear?

I've got a local application (which I didn't write, and can't change) that talks to a remote web service. It uses HTTPS, and I'd like to see what's in the traffic. Is there any way I can do this? I'd prefer a Windows system, but I'm happy to set up a proxy on Linux if this makes things easier. What I'm considering: Redirecting the we...

How do I verify the host server's certificate in Silverlight?

I am concerned with MITM attacks in the Silverlight application I am writing. The site will be running over SSL. If my site is the victim of a MITM attack, as far as I know, my only defense right now is the warning page the browser displays when the site's certificate is untrusted. Since it is only a browser, the best it can do is simply...

Secure connection between client and server

Hi, I'm developing a server component that will serve requests for an embedded client, which is also under my control. Right now everything is beta and the security works like this: The client sends username / password over HTTPS. The server returns an access token. The client makes further requests over HTTP with the access token in a custom header...

Preventing man in the middle attack while using https

Hi, I am writing a little app similar to Omegle. I have an HTTP server written in Java and a client which is an HTML document. The main way of communication is by HTTP requests (long polling). I've implemented some sort of security by using the HTTPS protocol and I have a securityid for every client that connects to the server. When the ...

Secure login with additional context information passed through (which also needs to be secure)

My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.). My plan for authentication is for there to be a look-up table in the...

How do certificates avoid the man-in-the-middle attack?

Hello, I have another question about security on the web. If I understand it correctly, certificates are for identifying who you really are. So the man-in-the-middle attack isn't possible. But when I see this image: http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/800px-Digital_Signature_diagram.svg.png ...