[Cryptography] Encryption opinion

Paul Ferguson fergdawgster at mykolab.com
Tue Aug 26 18:29:09 EDT 2014


On 8/26/2014 3:15 PM, Bear wrote:

> HTTPS is NOT an effective protection against MITM.  Furthermore, 
> MITM is easier, not harder, to address than phishing, and even if
> HTTPS were effective protection against MITM it still would not be
> an effective protection against phishing.

The real "in the middle" threat these days is credential-stealing
Man-in-the-Browser (MitB) malware, such as most modern-day banking
Trojans (ZeuS, et al).

This is truly "in the middle" insofar as the attacker is actively and
surreptitiously part of the end-to-end session.

- ferg


-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2

