[Cryptography] Phishing and other abuse issues [Was: Re: Encryption opinion]
James A. Donald
jamesd at echeque.com
Fri Aug 29 04:24:46 EDT 2014
On 2014-08-29 15:06, Christian Huitema wrote:
> Iang calls that a MITM attack. IMHO, that's a poor choice of words,
> because 99.9% of the community will use MITM to designate a
> potential attack that inserts a hacker between Alice and
> https://www.rabbitholebanc.co.uk/, or even between Alice and
> https://www.phishingareus.info/. But the problem is real, and is
> worth addressing.
Your 99.9% figure comes from where?
I use MITM the way Iang does, because when the phisher is after your
password, he intends to be in the middle. Ann wants to talk with Bob.
Malloc represents himself as Bob to Ann, and as Ann to Bob.
It is one the classic problems of cryptography, and the name for the
problem is man in the middle. What else would you call it?
A phisher might want install adware on your computer, might claim to
wish to give you a million dollars of stolen money in order to get you
to pay bogus transaction fees, but when the phisher wants your
credentials, that is the standard well known problem, man in the middle,
for which we need protocol solutions, and in theory have protocol solutions.
More information about the cryptography
mailing list