man in the browser
Home > Security Definitions - Man in the browser
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

man in the browser

Show me everything on Malware, Viruses, Trojans and Spyware


Word of the Day


DEFINITION - Man in the browser is a security attack where the perpetrator installs a Trojan horse on a victim's computer that's capable of modifying that user's Web transactions as they occur in real time. According to security expert Philipp Guhring, the technology to launch a man in the browser attack is both high-tech and high priced. Use of the tactic has been limited to financial fraud in most cases, due to the resources required. Both Firefox and Internet Explorer on Windows have been successfully targeted.

Many experienced Web users are aware of phishing scams, in which an unsuspecting user is directed to a fake Web site through a link in an e-mail or some other notification. A man in the browser attack, however, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt. On the surface, transactions are taking place normally with expected prompts and password requirements.

A man in the browser attack is similar to the man in the middle tactic, in which an attacker intercepts messages in a public key exchange. The attacker then retransmits them, substituting bogus public keys for the requested ones. A man in the browser attack is more difficult to prevent and disinfect, however, because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser.

Learn more about Malware, Viruses, Trojans and Spyware
Built-in Windows commands to determine if a system has been hacked: Ed Skoudis identifies five useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked.
More built-in Windows commands for system analysis: Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis.
Mini guide: How to remove and prevent Trojans, malware and spyware: Organizations need to learn how to implement proper protections and understand best practices for malware defense in order to keep their network environments secure. In this mini guide you will learn ...
Hacker attack techniques and tactics: Understanding hacking strategies: This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your ...
Spyware Protection and Removal Tutorial: This spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and what you can to do to win the war on spyware.
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Googling Security: How Much Does Google Know About You?: In an excerpt from Googling Security: How Much Does Google Know About You?, author Greg Conti explains how attackers exploit advertising networks to compromise end-user machines.

LAST UPDATED: 15 Aug 2006

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- In this paper, Philipp Guhring explains man in the browser and suggests countermeasures.
- Covelight Systems offers a solution that can protect computers against emerging attack forms.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
The world's top 5 riskiest domains
McAfee's 3rd Annual "Mapping the Mal Web" report highlights the domains with the most road hazards.
New Zeus spam poses as Social Security statements
Trojan steals banking credentials at small and midsize businesses.
Increase in Gumblar backdoors poses FTP credential problems
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bot worm  (SearchSecurity.com)
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself...
directory traversal  (SearchSecurity.com)
Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the...




Get More man in the browser Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts