[Cryptography] Walmart fooled by non-authenticated web pages

Lodewijk andré de la porte l at odewijk.nl
Thu Nov 20 21:21:16 EST 2014

Seems like a misunderstanding to make a platform as a whole be treated as a
"select online retailer". If you accept retailers with 0 sales, that's fine.

Requesting the URI will verify for you the latest and accurate page. I
doubt MITM attacks would ever be used at wallmart, too high tech for the
haul... Else Walmart should only accept HTTPS retailers ;)

An online Walmart tool could create scannable barcodes to print. The
barcode would contain (the relevant info off) the page and be digitally
signed so employees can check validity with just any old smartphone. Just a
URI would seem infinitely simpeler and better.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141121/7a778de8/attachment.html>

More information about the cryptography mailing list