<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Aug 26, 2014 at 2:45 AM, James A. Donald <span dir="ltr"><<a href="mailto:jamesd@echeque.com" target="_blank">jamesd@echeque.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On 2014-08-26 14:48, John Levine wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Web phishes rarely do MITM. It's a site that looks like the real site<br>
and tells you to log in. Once you do, it says oops, you mistyped your<br>
password and perhaps redirects you to the real site. It's just<br>
impersonation.<br>
</blockquote>
<br>
MITM is an abstract term denoting two endpoints and a node in the<br>
middle. The correct communication goes between the endpoints without<br>
interference. An MITM interposes a middle node by one means or another<br>
that can see plaintext and pervert intent.<br>
<br>
Above, you've met those requirements.<br>
</blockquote>
<br>
No, the phish site does not communicate with the bank, it merely<br>
impersonates the bank to steal your credentials. The phish is not a<br>
middle node. I don't know how to say that any more clearly.<br>
</blockquote>
<br></div>
Phishing:<br>
<br>
Alice intends to submit her password to Bob. Instead she submits it to Mallory, who submits it to Bob.<br>
<br>
Sure sounds like Mallory is in the middle.</blockquote><div><br></div><div>Stop, you're both right. Really simplistic low end phishing attempts don't do anything other than capture your credentials, and may or may not redirect you to where you thought you were after getting them. High end, more sophisticated ones do a full, live MITM and proxy between you and the bank, while mimicking the UI.</div>
<div><br></div><div>-David Mercer</div></div></div></div>