North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: What *are* they smoking?
It's bad enough now; it could be even worse. They could respond on port 443, too, with a legitimate-seeming certificate -- they're *Verisign*, the leading certficate authority. In the security world, we call this a man- (or monkey-)in-the-middle attack, for which the standard defense is crypto. But that doesn't work well when your trusted third party is part of the threat model... --Steve Bellovin, http://www.research.att.com/~smb
|