public internet security
nodata
lsof at nodata.co.uk
Mon May 7 05:55:58 UTC 2007
Am Sonntag, den 06.05.2007, 22:43 +0100 schrieb Andy:
> On 06/05/07, nodata <lsof at nodata.co.uk> wrote:
> > For this example's simplicity, the HTTP www.chase.com site has been
> > modified by a transparent proxy to change the logon page link from the
> > real internet banking app to a malicious internet banking app.
> >
> > You are taken to an HTTPS site called
> > https://somethingelse.example.com
> > This site has a valid SSL certificate, and so you received no warnings.
>
> Surely you would check the certificate in your browser to confirm:
Could..
> 1. It's issued by a reputable C.A.
> 2. It was the same C.A. it was last time
> 3. That the URL in the certificate is that of your bank
> 4. That the Organisation field has your banks name
>
>
> Andy
>
> --
> First they ignore you
> then they laugh at you
> then they fight you
> then you win.
> - Mohandas Gandhi
>
More information about the ubuntu-users
mailing list