Man in the middle

A man-in-the-middle attack occurs when someone eavesdrops remotely and undetected on unsecured traffic between people and a website. To intercept or possibly alter the website traffic, a hacker can set up an unsecured WiFi hotspot (evil twin attack), install malware on the user's PC, or use a sniffer to intercept the traffic (network sniffer).

Evil twin attacks can be prevented by carefully considering networks before connecting. Oddities like frequent disconnects, promises of fast WiFi networks or strange WiFi locations can signal an evil twin attack.

A network sniffer is used to monitor the network traffic, view details of unencrypted requests or detect network vulnerabilities.

Websites often communicate with web browsers over HTTPS, which uses cryptography. So, two important measures for using a secure connection would be:

  • connect to a familiar, secured WiFi network
  • ensure the website uses HTTPS

Passwords

Many users choose short and simple passwords. Being easy to remember makes them easy to crack simply by guessing them.

The strength of a password increases with its length. Adding just a few more characters to a password can increase the time to crack it by years.

A way to generate a strong password is to string together some meaningful words into a passphrase, then add complexity with some special characters and numbers. A strong password should contain all of these elements (uppercase letters, lowercase letters, numbers, and symbols like !, @, #, $).

An online dictionary attack: some programs try to log in to a website using a dictionary file containing a list of common passwords (passwords leaked from other websites, or a vocabulary list with words in different languages). The website can prevent this by limiting the number of login attempts or by using a CAPTCHA on the login form.

Cryptography is used to make passwords harder to crack. Before a password is stored it must be encrypted. It can be decrypted only by those who have the key.

An offline dictionary attack occurs when a program is used to decrypt an encrypted password. This way the hacker can decrypt it in the comfort of his hideout.

A website can protect its users' passwords by encrypting the stored passwords, limiting unsuccessful login attempts, and requiring users to change passwords often.

Cryptography

Cryptography is the science of writing in secret code. It transforms plain text into disguised text and only the intended recipient can decipher it because he knows the key to the cipher.

Cryptography has been used for thousands of years, but computers reinvented it and led to strong encryption.

Caesar cipher (the shift cipher)

Atbash cipher (monoalphabetic substitution cipher)

Polybius square (translates letters into numbers)
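The three classical ciphers listed above, implemented as an added example (this code is not part of the original notes). The Caesar cipher is a shift, Atbash is a fixed letter-for-letter substitution that is its own inverse, and the Polybius square maps each letter to a row/column pair in a 5x5 grid (I and J share a cell). The last function shows why a 25-key cipher gives no real secrecy against a computer: every key can be tried.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters, A..Z


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Shift cipher: move each letter `shift` places along the alphabet.
    Non-letters (spaces, punctuation) are passed through unchanged."""
    if decrypt:
        shift = -shift
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def atbash(text: str) -> str:
    """Monoalphabetic substitution: A<->Z, B<->Y, ... Applying it twice
    returns the original text, so one function both encrypts and decrypts."""
    return "".join(ALPHABET[25 - ALPHABET.index(ch)] if ch in ALPHABET else ch
                   for ch in text.upper())


# Polybius square laid out row by row; J is merged into I to fit 25 cells.
POLYBIUS = "ABCDEFGHIKLMNOPQRSTUVWXYZ"


def polybius_encode(text: str) -> str:
    """Translate letters into two-digit row/column numbers (1-based)."""
    pairs = []
    for ch in text.upper():
        ch = "I" if ch == "J" else ch
        if ch in POLYBIUS:
            idx = POLYBIUS.index(ch)
            pairs.append(f"{idx // 5 + 1}{idx % 5 + 1}")
    return " ".join(pairs)


def polybius_decode(code: str) -> str:
    """Reverse of polybius_encode; a J in the plaintext comes back as I."""
    return "".join(POLYBIUS[(int(p[0]) - 1) * 5 + (int(p[1]) - 1)]
                   for p in code.split())


def caesar_all_shifts(ciphertext: str) -> dict:
    """The shift cipher has only 25 usable keys, so a recipient who lost the
    key (or anyone else) can simply list every candidate plaintext."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in range(1, 26)}
```

Sample values used in the checks ("ATTACK AT DAWN", "HELLO", "JUMP") are constructed for illustration.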