RE: how can you verify that the site you get is not a fake?

From: Scot L. Harris (webid_at_cfl.rr.com)
Date: 06/06/05

Next message: Jason L Tibbitts III: "Re: sticky directory"

Previous message: Matthew Miller: "Re: how can you verify that the site you get is not a fake?"
In reply to: bruce: "RE: how can you verify that the site you get is not a fake?"
Next in thread: Joel Jaeggli: "RE: how can you verify that the site you get is not a fake?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "'For users of Fedora Core releases'" <fedora-list@redhat.com>
Date: Mon, 06 Jun 2005 09:31:10 -0400

On Mon, 2005-06-06 at 09:05, bruce wrote:
> but you still haven't addressed my problem/issue/question...
>
> and that's how do i as a user (not an app) know that this is the right site
> for the url i entered... my fear is that a malicious site, could simply fake
> the information he's providing, to 'look' like the actual/real site...
>
> and as of yet.. i can't craft a solution to this issue...

Pick up a book on SSL certificates and read up on it. Others on the
list have described how it works. It is virtually impossible to fake
the certificates. It would require access at points in the Internet to
control your DNS and routing to run a man in the middle attack that
would in effect mean the bad guys own your Internet access path.

You are more likely to have someone get your password from shoulder
surfing or have an internal admin user access your information than
someone external redirect you to a web site that you can not identify as
fake.

Of course the basic rule of don't open or click on any thing that comes
from unsolicited email applies here. None of those that I have seen are
really that sophisticated and are easily identified as fakes.

And the people that have trouble figuring out those are fake are the
same ones trying to help the Nigerian lawyer get money out of his
country.....

-- 
Scot L. Harris
webid@cfl.rr.com
"Atomic batteries to power, turbines to speed."
-- Robin, The Boy Wonder 
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

Next message: Jason L Tibbitts III: "Re: sticky directory"

Previous message: Matthew Miller: "Re: how can you verify that the site you get is not a fake?"
In reply to: bruce: "RE: how can you verify that the site you get is not a fake?"
Next in thread: Joel Jaeggli: "RE: how can you verify that the site you get is not a fake?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: Dear Jeffrey
... And he flags up the "Internet ... of the cause of god. ... The whole idea is tolerance and unconditional ... COMPLETELY FAKE and they turn into the nastiest and dirtiest people on ...
(talk.religion.bahai)
Rooting out "the filth" on google groups...
... The internet, particularly discussion groups, has given rise, however, ... identities - or at least that's the way it used to be. ... "fake" internet identities, and have made it possible, within certain ... The US Court system, in several cases, has made this possible. ...
(misc.health.alternative)
Re: Just got back from the Doc
... I am telling to follow advice of your doctor, not the fake ... "testimonials" from the Internet. ...
(alt.support.diabetes)
Re: A visit to "The Uncycle Factory"
... one is much shorter than the others. ... fake, I don't think that would be the case. ... He lost a lot of business to the internet. ... Kokomo Juggler ...
(rec.sport.unicycling)
Re: Implementing a Partial Serial Number Verification System in Delphi
... access disabled while using your app. ... my own app that had a server socket in it to send a fake "yea" reply back, ... A similar approach could be made to send a fake reply back ... in a separate dll or assembly and updated separately, ...
(borland.public.delphi.non-technical)