[Cryptography] Encryption opinion

Kevin W. Wall kevin.w.wall at gmail.com
Wed Aug 27 23:49:06 EDT 2014


On Mon, Aug 25, 2014 at 9:32 AM, ianG <iang at iang.org> wrote:
> On 25/08/2014 12:32 pm, Stephan Neuhaus wrote:
>> On 2014-08-25, 12:50, ianG wrote:
>>> Phishing is an MITM.
>>
>> Except that the M isn't ITM in the case of phishing.  Phishing is not so
>> much a Man In The Middle, it's more a Man On The Sidelines That Looks
>> Very Much Like Bob, or MOTSTLVMLB, but good luck pronouncing that.
>
>
> I don't see the distinction.  The phisher redirects Alice's browser to
> him.  He then goes to the site and extracts information to perpetuate
> the deception.  What's not middle here?

Well, certainly not *all* phishing attempts operate this way and thus are
not traditional MITM attacks. One example is a user gets a phishing
email that s/he has been selected as a winner of a Caribbean cruise.
They click on the provided link and malware is silently downloaded
and installed that compromises their browser through something like
a browser helper object or browser add-on. Or worse, the malware
totally pwns your machine and installs a root kit. That scenario is more
akin to Stephan's MOTSTLVMLB.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

