[Cryptography] phishing, was Encryption opinion
Donald Eastlake
d3e3e3 at gmail.com
Tue Aug 26 17:09:21 EDT 2014
On Tue, Aug 26, 2014 at 5:45 AM, James A. Donald <jamesd at echeque.com> wrote:
> On 2014-08-26 14:48, John Levine wrote:
>>>>
>>>> ...
>>>...
>>...
>> No, the phish site does not communicate with the bank, it merely
>> impersonates the bank to steal your credentials. The phish is not a
>> middle node. I don't know how to say that any more clearly.
>
> Phishing:
>
> Alice intends to submit her password to Bob. Instead she submits it to
> Mallory, who submits it to Bob.
>
> Sure sounds like Mallory is in the middle.
A MITM makes use of the intended destination of the communications to
facilitate the fraud. A man in the middle is like a bump in he cable.
A phisher can ask for bank credentials, can probably make some general
format checks, and can try use them later. But that is not a MITM.
A MITM forwards the credentials in real time to the bank and sends the
responses, possibly modified, back. Thus a MITM knows when it has
grabbed correct credentials it is passing through.
A MITM works in the face of a fumble fingered user who commonly
mistypes their credentials. A phish fails.
Thanks,
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3 at gmail.com
More information about the cryptography
mailing list