Threat Posed by Man-in-the-Middle Attacks

How frequent (and/or sophisticated) are man-in-the-middle attacks?

About

In cryptography, the man-in-the-middle attack (often abbreviated MITM), or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker开发者_开发技巧 makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

The reason I ask is to try and gauge whether it's worth the added overhead of encrypting important sections of the content I'm sending to the user or whether it's safe to just go ahead and send it unencrypted.

Note: I know this isn't strictly a "programming" question insofar as there is no code solution, however it influences coding decisions and is coding-based, so it still seems appropriate.

It doesn't take a MITM attack to read data that hasn't been encrypted at all. A MITM attack is used to allow an attacker to read data that has been encrypted.

Edit: The relevant question with respect to MITM attacks is not whether you should do encryption at all. It's whether you should do some sort of authentication (i.e., verifying the identity of the remote party) while you set up an encrypted connection.

With no encryption at all, a "snooper" just looks at your data as it goes through, and sees exactly what's there. A MITM attack applies when you do encryption, but don't verify who you're sending the encrypted data to. In this case, the attacker inserts himself in the middle of the conversation -- you connect to the attacker, and send him encrypted data. He connects to the person you intended to talk to, and creates an encrypted connection to both of you. Then, as you send your data, he receives it, decrypts it with your key, re-encrypts it with the target's key, and sends it to the target. Likewise, any returned data he decrypts with the target's key, and re-encrypts with yours.

This way, it looks to both you and the target as if the communication is going normally -- but the attacker can read everything you send. If you don't encrypt the data at all, though, none of this is necessary -- since you're sending plain text, the attacker can just look at it as it goes by.

The MITM attack is not necessarily thwarted by encryption. For example, if you encrypt using a so-called "self-signed certificate," then your communications will be encrypted, and yet a MITM attack could still occur. For example, with a self-signed cert, if you load "Fiddler" onto the client box, it will perform a MITM exercise so that it can watch all the traffic. The client and the server will not realize that the MITM is happening.

If you use real PKI (a true trusted 3rd party is involved), then MITM isn't possible.

In any case, MITM is fairly easy to achieve, if the value of your data is "worth it" to the attacker.

Depends on the application, but if the data being sent is at all sensitive, definitely guard against man in the middle! It is a very relevant danger especially with rise of Wi-Fi, and very easy to do; a friend and I were able to replicate the Gmail MIMA last year with little difficulty.

I would refer you to the Internet Storm Center (isc.sans.org) for any questions about frequency of attack types on the Internet.

Keep in mind that MITM is a very broad term, and you seem to be more worried specifically with just session sniffing (i.e., eavesdropping) attacks. Sniffing attacks are trivial to perform. A full MITM facilitates modification of the session, which can have different implications than simply viewing the information. This modification requires a bit more sophistication, but not custom tools.

Using TLS/SSL on your site will provide protection of the data from prying eyes and ensure that clients are indeed communicating with the correct server.

To address the note on coding - whether you decide to use cryptography or not, you should be engineering your web app such that it would not be onerous to add crypto later.

Any time you talk about security, it's always in context of sensitivity of your data. The more valuable your secret is to someone, the more determined they will be to obtain it, and the more resources they'll expand. Conversely, the more valuable it is to you to keep it secret, the more resources you should expand protecting it.

Man in the middle attacks are pretty accessible to anyone, especially on public networks. It's up to you to decide if you want anyone to be able to read your data or not...