RE: how can you verify that the site you get is not a fake?

From: bruce (bedouglas_at_earthlink.net)
Date: 06/06/05

    To: "'For users of Fedora Core releases'" <fedora-list@redhat.com>
    Date: Mon, 6 Jun 2005 06:48:31 -0700
    
    

    matt, i understand what you're saying...

    but i still don't see how this protects/allows a user to 'know' that the site
    he's on is the correct site...

    as an example. i go to the verisign site (www.verisign.com) i can select the
    verisign logo, which displays a pop-up. i read it, it looks good.. i think
    i'm secure...

    however, there's nothing that i look at, that couldn't be forged/faked by
    you or me with the right web app knowledge...

    i understand that the 'ssl/lock' is a function of the browser and is
    supposed to be used to present details of the ssl certificate employed... i
    also understand that the lock function is a component of the browser...
    however, this assumes the user knows to click on the 'lock'. if i were to
    provide a fake 'picture/icon' for the user to select, such that it displayed
    the fake ssl information, in all likelihood, the user wouldn't know the
    difference..

    -bruce

    -----Original Message-----
    From: fedora-list-bounces@redhat.com
    [mailto:fedora-list-bounces@redhat.com]On Behalf Of Matthew Miller
    Sent: Monday, June 06, 2005 6:16 AM
    To: For users of Fedora Core releases
    Subject: Re: how can you verify that the site you get is not a fake?

    On Mon, Jun 06, 2005 at 06:05:58AM -0700, bruce wrote:
    > but you still haven't addressed my problem/issue/question...
    > and that's how do i as a user (not an app) know that this is the right
    > site for the url i entered... my fear is that a malicious site, could
    > simply fake the information he's providing, to 'look' like the actual/real
    > site...
    > and as of yet.. i can't craft a solution to this issue...

    You could trust us that it's very hard to fake the SSL information, and then
    you could inspect that. (Double click on the little lock icon.) You'll see
    something like:

      Web Site Identity Verified

      The web site www.bu.edu supports authentication for the page you are
      viewing. The identity of this web site has been verified by Thawte
      Consulting cc, a certificate authority you trust for this purpose.

    In the Firefox advanced preferences, you can manage which certificate
    authorities you trust.

    --
    Matthew Miller           mattdm@mattdm.org        <http://www.mattdm.org/>
    Boston University Linux      ------>                <http://linux.bu.edu/>
    Current office temperature: 80 degrees Fahrenheit.
    --
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
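
The two facts the lock dialog quoted above reports (the name the certificate was issued for, and the authority that vouched for it), as an added example that is not part of the original thread. It assumes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`; the helper names and the sample certificate are constructed for illustration.

```python
# Added example: the checks behind the lock dialog, run over a certificate in
# the dict form returned by ssl.SSLSocket.getpeercert(). The client performs
# them after validating the CA signature chain; page content plays no part.

def _flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a flat {field: value} dict."""
    return {key: value for rdn in name for key, value in rdn}

def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    cn = _flatten(cert.get("subject", ())).get("commonName")
    return [cn] if cn else []

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:] and h[0] != ""
    return p == h

def identity_summary(cert, host):
    """Return (host_ok, issuer_org) for the host the user typed in the URL."""
    ok = any(name_matches(n, host) for n in cert_names(cert))
    issuer = _flatten(cert.get("issuer", ()))
    return ok, issuer.get("organizationName", "unknown issuer")

# Constructed sample certificate, using the names from the dialog quoted above.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Boston University"),),
                (("commonName", "www.bu.edu"),)),
    "issuer": ((("countryName", "ZA"),),
               (("organizationName", "Thawte Consulting cc"),)),
    "subjectAltName": (("DNS", "www.bu.edu"),),
}

if __name__ == "__main__":
    for host in ("www.bu.edu", "www.bu.edu.example.net", "WWW.BU.EDU"):
        ok, issuer = identity_summary(SAMPLE_CERT, host)
        print(f"{host:26} match={ok} issuer={issuer}")
```
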