1. An attacker where the hacker interposes himself in the middle between two people. Culture: Historically, when talking about such attacks, the hacker is given male names starting with the letter M (like Mallory, Mark, Mawry, etc.). Key point: This often means that both sides of a connection really need to authenticate themselves. For example, when you log into a server, you really want to be assured it is the real server you are talking to, rather than Mark who is forwarding your requests to the real server using your identity. Key point: In the year 2000, Dug Song released a toolkit for interposing yourself in between SSL and SSH connections. It relies upon the fact that client systems do not validate the certificates on the server. Therefore, the man-in-the-middle attack can present any certificate to the client, which will not realize it is not the certificate of the server. From Hacking-Lexicon