[13638] in cryptography@c2.net mail archive
Re: An attack on paypal
daemon@ATHENA.MIT.EDU (Matthew Byng-Maddick)
Sun Jun 15 13:15:55 2003
X-Original-To: cryptography@metzdowd.com
Date: Sun, 15 Jun 2003 18:03:43 +0100
From: Matthew Byng-Maddick <cryptography@lists.colondot.net>
To: cryptography@metzdowd.com
In-Reply-To: <5.1.1.6.2.20030613162354.02df2940@idiom.com>
Mail-Copies-To: never

On Fri, Jun 13, 2003 at 04:32:12PM -0700, Bill Stewart wrote:
> An e-gold-specific or paypal-specific client can tell,
> because it can remember that it's trying to see the real thing,
> but the browser can't tell, except by bugging you about
> "Hi, this is a new site that's giving us a new cert" placebo box.

Don't knock this warning, it might be enough of an indication to the user
that something is not quite right. "But I've logged into e-gold before,
and it never said this...". It certainly should be. In most browsers,
though, there isn't even that, by default, at least, IMLE.
MBM
--
Matthew Byng-Maddick <mbm@colondot.net> http://colondot.net/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
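
Added example, not part of the original message or of any browser's code: a sketch of a client that remembers the certificate it first saw for a host, so that the warning discussed above appears only when a previously visited host presents a different certificate. The class `CertMemory`, the helper `message_for`, the hostname `e-gold.example` and the certificate byte strings are all constructed for illustration.

```python
import hashlib

# Constructed sample inputs: stand-ins for DER-encoded certificates.
CERT_REAL = b"constructed-der-bytes-for-the-remembered-cert"
CERT_OTHER = b"constructed-der-bytes-for-a-different-cert"


class CertMemory:
    """Remembers the certificate fingerprint first seen for each host."""

    def __init__(self):
        self._seen = {}  # normalized hostname -> hex SHA-256 of the cert bytes

    @staticmethod
    def _norm(host):
        # Hostnames are case-insensitive; drop a trailing root dot as well.
        return host.lower().rstrip(".")

    @staticmethod
    def fingerprint(der_bytes):
        return hashlib.sha256(der_bytes).hexdigest()

    def check(self, host, der_bytes):
        """Return 'first-visit', 'match' or 'changed' for this host and cert."""
        key, fp = self._norm(host), self.fingerprint(der_bytes)
        known = self._seen.get(key)
        if known is None:
            self._seen[key] = fp  # remember, so later visits can be compared
            return "first-visit"
        if known == fp:
            return "match"
        # Never overwrite silently: only accept_change() replaces the entry.
        return "changed"

    def accept_change(self, host, der_bytes):
        """Record an explicit user decision to trust the new certificate."""
        self._seen[self._norm(host)] = self.fingerprint(der_bytes)


def message_for(host, verdict):
    """Only the 'changed' case produces a warning for the user."""
    if verdict == "changed":
        return f"{host}: visited before, but the certificate is different now"
    return None


if __name__ == "__main__":
    mem = CertMemory()
    for cert in (CERT_REAL, CERT_REAL, CERT_OTHER):
        verdict = mem.check("e-gold.example", cert)
        print(verdict, "|", message_for("e-gold.example", verdict))
```

A host name that has never been visited always yields `first-visit`, so this memory only helps when the user reaches the same name again; a legitimate certificate renewal also shows up as `changed` and needs `accept_change()`.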