public internet security
stude.list at googlemail.com
Sun May 6 21:43:56 UTC 2007
On 06/05/07, nodata <lsof at nodata.co.uk> wrote:
> For this example's simplicity, the HTTP www.chase.com site has been
> modified by a transparent proxy to change the logon page link from the
> real internet banking app to a malicious internet banking app.
> You are taken to an HTTPS site called
> This site has a valid SSL certificate, and so you received no warnings.
Surely you would check the certificate in your browser to confirm:
1. It's issued by a reputable C.A.
2. It was the same C.A. it was last time
3. That the URL in the certificate is that of your bank
4. That the Organisation field has your banks name
First they ignore you
then they laugh at you
then they fight you
then you win.
- Mohandas Gandhi
More information about the ubuntu-users