An attack on paypal
Matthew Byng-Maddick
cryptography at lists.colondot.net
Sun Jun 15 13:03:43 EDT 2003
On Fri, Jun 13, 2003 at 04:32:12PM -0700, Bill Stewart wrote:
> An e-gold-specific or paypal-specific client can tell,
> because it can remember that it's trying to see the real thing,
> but the browser can't tell, except by bugging you about
> "Hi, this is a new site that's giving us a new cert" placebo box.
Don't knock this warning, it might be enough of an indication to the user
that something is not quite right. "But I've logged into e-gold before,
and it never said this...". It certainly should be. In most browsers,
though, there isn't even that, by default, at least, IMLE.
MBM
--
Matthew Byng-Maddick <mbm at colondot.net> http://colondot.net/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list