Tech Terms | Abbreviations A–Z
Man-in-the-Middle Attack, MITM Attack, Modem, Multi-Device Support, Multi-factor Authentication (2FA), Multi-SIM Card, MySQL
In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle (MITM) or person-in-the-middle (PITM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within the reception range of a unencrypted Wi-Fi access point could insert themselves as a man-in-the-middle.
As it aims to circumvent mutual authentication, a MITM attack can succeed only when the attacker impersonates each endpoint sufficiently well to satisfy their expectations. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certificate authority.
A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by modulating one or more carrier wave signals to encode digital information, while the receiver demodulates the signal to recreate the original digital information. The goal is to produce a signal that can be transmitted easily and decoded reliably. Modems can be used with almost any means of transmitting analog signals, from light-emitting diodes to radio.
Early modems were devices that used audible sounds suitable for transmission over traditional telephone systems and leased lines. These generally operated at 110 or 300 bits per second (bit/s), and the connection between devices was normally manual, using an attached telephone handset. By the 1970s, higher speeds of 1200 and 2400 bit/s for asynchronous dial connections, 4800 bit/s for synchronous leased line connections and 35 kbit/s for synchronous conditioned leased lines were available. By the 1980s, less expensive 1200 and 2400 bit/s dialup modems were being released, and modems working on radio and other systems were available. As device sophistication grew rapidly in the late 1990s, telephone-based modems quickly exhausted the available bandwidth, reaching the ultimate standard of 56 kbit/s.
The rise of public use of the internet during the late 1990s led to demands for much higher performance, leading to the move away from audio-based systems to entirely new encodings on cable television lines and short-range signals in subcarriers on telephone lines. The move to cellular telephones, especially in the late 1990s and the emergence of smartphones in the 2000s led to the development of ever-faster radio-based systems. Today, modems are ubiquitous and largely invisible, included in almost every mobile computing device in one form or another, and generally capable of speeds on the order of tens or hundreds of megabytes per second.
Some instant messaging services (IMS for short) already offer “multi-device functionality” with only one user ID for all of your devices, usually called “ID”. However, previous solutions are not really secure! Investigating authorities, secret services and criminals therefore have an easy time intercepting WA, FC, Telegram etc.
To do this, a device will be registered at the IMS for multi-device support in the name of the owner. The attacker tells the IMS the identification of the person to be intercepted, usually the mobile phone number. The IMS sends the owner a security query via SMS. However, the attacker intercepts this and the attack remains unnoticed. The solution of the IMS Threema is at a development stage where technical details are still subject to change, but the basic framework has been built.
Multi-factor authentication (MFA; two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authenticationmechanism. MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
Multi-SIM technology allows cloning up to 12 GSM SIM cards (of format COMP128v1) into one card. The subscriber can leave the original cards in a secure place and use only the multi-SIM card in day to day life.
For telecom operator-provided cards, only the Group MSISDN number is known to multi-SIM subscribers. Member-SIM MSISDN is transparent to the subscriber. Messages sent to member SIM are delivered to the Group MSISDN.
Multi-SIM allows switching among (up to) 12 stored numbers from the phone's main menu. A new menu entry in subscriber’s phone automatically appears after inserting the multi-SIM card into the cell phone.
Only one of the member cards may be active at a time.
Modern SIM cards from many mobile operators are not compatible with multi-SIM technology and may not be cloned. Multi-SIM technology is a result of poor security algorithms used in the encryption of the first generation of GSM SIM cards, commonly called COMP128v1. SIM cloning is now more difficult to perform, as more and more mobile operators are moving towards newer encryption methods such as COMP128v2 or COMP128v3. SIM cloning is still possible in some countries such as Russia, Iran and China.
SIM cards issued before June 2002 most likely are COMP128v1 SIM cards, thus clonable.
MySQL (/ˌmaɪˌɛsˌkjuːˈɛl/) is an open-source relational database management system (RDBMS). Its name is a combination of "My", the name of co-founder Michael Widenius's daughter, and "SQL", the abbreviation for Structured Query Language. A relational database organizes data into one or more data tables in which data types may be related to each other; these relations help structure the data. SQL is a language programmers use to create, modify and extract data from the relational database, as well as control user access to the database. In addition to relational databases and SQL, an RDBMS like MySQL works with an operating system to implement a relational database in a computer's storage system, manages users, allows for network access and facilitates testing database integrity and creation of backups.
MySQL is free and open-source software under the terms of the GNU General Public License, and is also available under a variety of proprietary licenses. MySQL was owned and sponsored by the Swedish company MySQL AB, which was bought by Sun Microsystems (now Oracle Corporation). In 2010, when Oracle acquired Sun, Widenius forked the open-source MySQL project to create MariaDB.
MySQL has stand-alone clients that allow users to interact directly with a MySQL database using SQL, but more often, MySQL is used with other programs to implement applications that need relational database capability. MySQL is a component of the LAMP web application software stack (and others), which is an acronym for Linux, Apache, MySQL, Perl/PHP/Python. MySQL is used by many database-driven web applications, including Drupal, Joomla, phpBB and WordPress. MySQL is also used by many popular websites, including Flickr, MediaWiki, Twitter, WBCE and YouTube.