A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
Adam Shostack
adam at homeport.org
Wed Feb 9 13:35:12 EST 2005
On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote:
| Want to see a simple, working method to spoof sites, fooling
| Mozilla/FireFox/... , even with an SSL certificate and `lock`?
|
| http://www.shmoo.com/idn/
|
| See also:
|
| http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3866526512
|
| Want to protect your Mozilla/FireFox from such attacks? Install our
| TrustBar: http://TrustBar.Mozdev.org
| (this was the first time that I had a real reason to click the `I don't
| trust this authority` button...)
|
| Opinions?
Just because you can demonstrate that you're pre-emptively and
pro-actively blocking attacks that the beat the current system doesn't
mean ....
I can't go on. My head would explode.
Have you run end-user testing to demonstrate the user-acceptability of
Trustbar?
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list