Quote:
Originally Posted by Hank
It just seems odd that something sitting at the ISP level would not be able to say https:\\aphishsite.com or https\\xxx.xxx.xxx.xxx when requested is a phishing site on their list (disregarding for the moment how complete that list is)
I confess to not knowing enough in this area though! 
Hank |
Cryptography is often counterintuitive. Think of it this way: The way https was designed was to hide as much information as possible from eavesdroppers. If you visit
https://www.example.com/path/file.php?do=something_bad then all that gets sent unencrypted is
www.example.com*.
www.example.com might be a legit site but with a poorly coded page that allows it to be used as part of a phishing attempt.
* Note: This isn't technically correct. That probably isn't even sent (unless you're using an up to date browser supporting Server Name Indication - in which case it'll likely also have a built in phishing filter). Instead the ip address for that domain is. Although to look up that address
www.example.com is sent unencrypted to a DNS server.
I'm trying to keep it simple though.
