[Cryptography] phishing, was Encryption opinion
John Levine
johnl at iecc.com
Tue Aug 26 00:48:04 EDT 2014
>> Web phishes rarely do MITM. It's a site that looks like the real site
>> and tells you to log in. Once you do, it says oops, you mistyped your
>> password and perhaps redirects you to the real site. It's just
>> impersonation.
>
>MITM is an abstract term denoting two endpoints and a node in the
>middle. The correct communication goes between the endpoints without
>interference. An MITM interposes a middle node by one means or another
>that can see plaintext and pervert intent.
>
>Above, you've met those requirements.
No, the phish site does not communicate with the bank, it merely
impersonates the bank to steal your credentials. The phish is not a
middle node. I don't know how to say that any more clearly.
>A phish is a teaser mail that includes a URL pretending to be your bank
>(eg Bob). If you (Alice) click on it, you go there instead of your
>bank. You're now talking to the middle, which will then talk to the bank.
Once again, that's not what phishes do.
R's,
John
More information about the cryptography
mailing list