Florian Weimer wrote:

* Lance James:

Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?

How would you go about doing that and still get the SSL Lock to remain as the bank's? Can you give an example?

In both cases, you have the SSL lock on your own certificate.

And as stated above, reverse the effect and it would be the bank's in scenarios such as XSS. The bank's SSL cert is actually handling all the data; my concern is that the user is not aware of this and only trusts the domain that's indicated in the address bar's cert.

At least my browser does not provide a user interface to access the
certificates of the servers from which embedded objects (or frames)
were downloaded.

Best Regards,
Lance James
Secure Science Corporation
Author of 'Phishing Exposed'
