[16866] in cryptography@c2.net mail archive
Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Feb 9 14:05:29 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 9 Feb 2005 13:35:12 -0500
From: Adam Shostack <adam@homeport.org>
To: Amir Herzberg <herzbea@macs.biu.ac.il>
Cc: Ian Grigg <iang@systemics.com>, cryptography@metzdowd.com
In-Reply-To: <420A4B50.4010203@cs.biu.ac.il>
On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote:
| Want to see a simple, working method to spoof sites, fooling
| Mozilla/FireFox/... , even with an SSL certificate and `lock`?
|
| http://www.shmoo.com/idn/
|
| See also:
|
| http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3866526512
|
| Want to protect your Mozilla/FireFox from such attacks? Install our
| TrustBar: http://TrustBar.Mozdev.org
| (this was the first time that I had a real reason to click the `I don't
| trust this authority` button...)
|
| Opinions?
Just because you can demonstrate that you're pre-emptively and
pro-actively blocking attacks that the beat the current system doesn't
mean ....
I can't go on. My head would explode.
Have you run end-user testing to demonstrate the user-acceptability of
Trustbar?
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
