Joshua Slive wrote:

> On 2/6/06, Mark McCulligh <mmcculli@xxxxxxxxxxxxx> wrote:
> > This type of attack can be pulled off even if the login form is secured. The attacker just has to create a login page that looks like mine and get the user to use it. A lot of users won't realize they are on the wrong website and the lock (secure) is missing. We have all seen those PayPal emails that try to get you to click on the link and log in.
>
> Yes, it is easy to fool the average user. The difference with the man-in-the-middle attack is that it would fool a relatively sophisticated user. There is essentially no way to tell your info is about to be stolen unless you view-source and analyze the code. For the other attacks you mention, a quick look at the URL bar will tell the story. (But I agree that most users don't even bother to do that.)
>
> Joshua.

I think I now understand the attack. They are changing the response information when the login form is being sent to the user in plain text. I first thought you were telling me the attacker was getting the user to go to a different URL and log in.

Mark.

--
___________________________________________
Mark McCulligh, Web Consultant
VisualTech Components
www.VisualTech.ca
mmcculli@xxxxxxxxxxxxx
(519)318-7905

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
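A defender-side check for the form-rewriting attack discussed in this thread, added here as an example and not code from the thread or from the Apache project: it automates the "view-source and analyze the code" step by parsing the page and flagging any form whose action no longer posts to the expected HTTPS origin. The hostnames and the sample HTML are constructed for the example.

```python
"""Flag login forms whose action URL has been rewritten in transit."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect the action attribute of every <form> element on the page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # A missing action means the form posts back to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")


def find_tampered_forms(html, page_url, expected_origin):
    """Return resolved form actions that do not post to expected_origin.

    page_url is the URL the HTML was fetched from (needed to resolve relative
    actions); expected_origin is the HTTPS origin the login should use,
    e.g. "https://www.example.com" (constructed value).
    """
    parser = FormActionCollector()
    parser.feed(html)
    want = urlsplit(expected_origin)
    bad = []
    for action in parser.actions:
        target = urlsplit(urljoin(page_url, action))
        # The scheme must be https and the host must match exactly; plain
        # http or a look-alike host means the action was rewritten, or the
        # page itself was served in clear text so a relative action is unsafe.
        if target.scheme != "https" or target.netloc.lower() != want.netloc.lower():
            bad.append(target.geturl())
    return bad


# Constructed sample page fetched over plain HTTP: the first form is intact,
# the second points at a look-alike host, the third is relative (so it
# inherits the page's http scheme).
SAMPLE_HTML = """
<form method="post" action="https://www.example.com/login">...</form>
<form method="post" action="http://www.example.com.evil.test/login">...</form>
<form method="post" action="/login">...</form>
"""

if __name__ == "__main__":
    print(find_tampered_forms(SAMPLE_HTML, "http://www.example.com/login",
                              "https://www.example.com"))
```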