On Mon, 2005-06-06 at 09:05, bruce wrote: > but you still haven't addressed my problem/issue/question... > > and that's how do i as a user (not an app) know that this is the right site > for the url i entered... my fear is that a malicious site, could simply fake > the information he's providing, to 'look' like the actual/real site... > > and as of yet.. i can't craft a solution to this issue... Pick up a book on SSL certificates and read up on it. Others on the list have described how it works. It is virtually impossible to fake the certificates. It would require access at points in the Internet to control your DNS and routing to run a man in the middle attack that would in effect mean the bad guys own your Internet access path. You are more likely to have someone get your password from shoulder surfing or have an internal admin user access your information than someone external redirect you to a web site that you can not identify as fake. Of course the basic rule of don't open or click on any thing that comes from unsolicited email applies here. None of those that I have seen are really that sophisticated and are easily identified as fakes. And the people that have trouble figuring out those are fake are the same ones trying to help the Nigerian lawyer get money out of his country..... -- Scot L. Harris webid@xxxxxxxxxx "Atomic batteries to power, turbines to speed." -- Robin, The Boy Wonder
