[Cryptography] phishing, was Encryption opinion

Tom Mitchell mitch at niftyegg.com
Mon Sep 8 22:54:32 EDT 2014


On Mon, Aug 25, 2014 at 2:38 PM, John Levine <johnl at iecc.com> wrote:

> >> Except that the M isn't ITM in the case of phishing.  Phishing is not so
> >> much a Man In The Middle, it's more a Man On The Sidelines That Looks
> >> Very Much Like Bob, or MOTSTLVMLB, but good luck pronouncing that.
> >
> >I don't see the distinction.  The phisher redirects Alice's browser to
> >him.  He then goes to the site and extracts information to perpetuate
> >the deception.  What's not middle here?
>
> Web phishes rarely do MITM.  It's a site that looks like the real site
> and tells you to log in.
>



One interesting and troubling MITM activity seems to be too common.

Apparently:


    "Comcast Wi-Fi serving self-promotional ads via JavaScript injection"

If carriers and others are permitted to inject anything, the framework
for MITM attacks is established and made legal.

Injection by an ISP can also include host spoofing and host route
spoofing that makes it astoundingly difficult for a "customer" to know
that he is being misdirected.

Detection and blocking of such abuse is necessary if there is to
be any progress and trust with things like internet elections. This
includes proxy voting for company boards now even if we do not embrace
political elections.





-- 
  T o m    M i t c h e l l