Co-ordination on Phase 2 investigation. The com-Division site is throwing 500 errors for me, and seems offline. (stressed?) Correction: Just came back up. Definition of terms -- malicious activity MitM -- Man in the Middle. An attacker is able leverage their position between a victim and the resources they are trying to access. Used to eavesdrop on communications, and/or modify them in flight. HTTP -- Hyper Text Transport Protocol. The method used to request web pages. You're using it right now. HTTPS -- HTTP using SSL/TLS security. Provides encryption, and authentication via signed certificates and a chain of trust. SSH -- The Secure SHell. A protocol for establishing a secure communication channel. Encrypted, and authenticated using Fingerprints. sslstrip -- Stripping the encryption from a normally secure channel. This usually involves a MitM attack, selectively removing references to encryption. (eg: Rewriting https:// links to HTTP:// instead) DNS -- The Domain Name System. Converts English readable addresses to numeric Internet Protocol addresses. (eg: www.google.com is the DNS name for 22.214.171.124) DNS Censorship -- Presumably responding or modifying DNS requests for sites, to return unreachable, false, or otherwise incorrect information. Could be used to prevent a victim from reaching a website, or to send them to a different one. IMAPS -- The Internet Message Access Protocol (Secure). This is a protocol used to retrieve E-Mail, encrypted with SSL/TLS. Is oftentimes opportunistic, and will fail back to unencrypted channels. (ie: sslstripping) While it ostensibly uses SSL certificates, I don't think I've ever seen it actually verify those certificates. IMAPS Antivirus -- Well, antivirus is something that's used to detect viruses. And it's often applied against incoming mail. But it's not an attack, or even a problem.