[Cryptography] Fwd: Re: [FORGED] Re: So please tell me. Why is my solution wrong?
Joseph Kilcullen
kilcullenj at gmail.com
Wed Feb 8 11:20:29 EST 2017
On 08-Feb-17 8:55 AM, Bill Cox wrote:
>
> Well... I think I figured out why that won't work well. If the browser
> displays the same thing for every site, as some sort of side-bar or
> something, then phishers can convince the browser to show it on their
> phishing site, and only a slight difference in the URL will alert the
> user about the attack.
>
Your browser will only show it after verifying a TLS certificate's
digital signature. Hence the phishers need to hack a certificate
authority to get fig 1 up.
Sure, phishers could buy a TLS certificate, but it's up to the certificate
authorities not to sell certificates with fake identities to criminals.
And yes, I know this has happened. I don't have the references to hand.