- From: Maciej Stachowiak <mjs@apple.com>
- Date: Sat, 08 May 2010 02:31:03 -0700
On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote: > > In fact, do you know of *any* examples of MITM attacks being > successfully used against a public website? It's not that I doubt > that it's happened, but I don't actually know of any specific cases. > In principle, you should be able to harvest lots of passwords by > dropping some free wireless routers in strategic locations. > > (There's still an entirely different fatal problem with what you > quoted, though: if you aren't worried about MITM, then encryption is > pointless to begin with. I don't dispute your conclusion. :) ) "Pharming" is effectively a man-in-the-middle, and in particular would be 100% effective at defeating the proposed security feature. It is extremely common, to the point that it is considered one of the major security risks on the Web. http://en.wikipedia.org/wiki/Pharming Regards, Maciej
Received on Saturday, 8 May 2010 02:31:03 UTC