Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 02-07-2008, 14:36   #10828
jca111
Inactive
 
Join Date: Apr 2008
Posts: 58
jca111 is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by rryles View Post
Cryptography is often counterintuitive. Think of it this way: The way https was designed was to hide as much information as possible from eavesdroppers. If you visit https://www.example.com/path/file.php?do=something_bad then all that gets sent unencrypted is www.example.com*. www.example.com might be a legit site but with a poorly coded page that allows it to be used as part of a phishing attempt.




* Note: This isn't technically correct. That probably isn't even sent (unless you're using an up to date browser supporting Server Name Indication - in which case it'll likely also have a built in phishing filter). Instead the ip address for that domain is. Although to look up that address www.example.com is sent unencrypted to a DNS server.

I'm trying to keep it simple though.
So are phorm intercepting the DNS queries as well? Even that wouldn't work tho - as the result could easily be in your local DNS Cache.
jca111 is offline