"Free WiFi" man-in-the-middle scam seen in the wild.
Matthias Bruestle
mbruestle at masktech.de
Tue Jan 23 10:00:11 EST 2007
Hi,
Perry E. Metzger wrote:
> For years, I've complained about banks, such as Chase, which let
> people type in the password to their bank account into a page that has
> been downloaded via http: instead of https:.
>
> The banks always say "oh, that's no problem, because the password is
> posted via https:", and I say "but that's only if the page comes from
> *you*, and it might come from a bad guy."
A German bank had the same problem. After some discussions without
positive results I wrote an article about SSL problems for a large
German IT magazine and described their situation. A short time after
they changed the login page to https.
Matthias
--
Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list