[Cryptography] Encryption opinion

Christian Huitema huitema at huitema.net
Mon Aug 25 23:49:13 EDT 2014


> I don't see the distinction.  The phisher redirects Alice's browser to
> him.  He then goes to the site and extracts information to perpetuate
> the deception.  What's not middle here?

That particular deception is just one of the phishing techniques, in which
Alice is, for example, tricked into contacting "bankofamerikka.com" and give
out her Bank of America credentials. But the actual phishing techniques are
way more diversified. Phishers might just point the user to a web site that
they own, using social engineering to have the target overlook the URL. They
might be hacking some legitimate web site and plant a bug there. They might
just send an email attachment from a previously pwned account that the
target trusts. The technology may well ensure that Alice is indeed speaking
to the intended site, and yet phishing will still happen.

-- Christian Huitema





More information about the cryptography mailing list