Quote:
Originally Posted by jca111
BUT then your certificate would not match the site name - and a great big warning would come up! If you think Thawte or any other root certificate supplier would give phorm a certificate for EVERY https site in the world - well we are into massive consiracy theorys there.
Lets keep the discussion on to things that can realisticly happen.
|
Your initial http request would not get near your bank. The layer 7 device would divert it to the standard phishing front page, which would look to you like your banks login and shared secrets pages. Now they have your details. Perhaps you should re-read Richard Clayton's tech description.