> I often see secure ordering links that take you to a different "store"
> URL that seems completely unrelated (other than page design), and with
> which I'm unfamiliar; any of those could be hijackings, and I doubt many
> of us sophisticates think twice about it. Realistically, if you came
> across a link on my site that said you can order my software through
> https://software-payments.com/, and found a reasonable-looking secure
> page when you got there, I doubt you'd think twice -- you'd have no way
> of knowing my non-secure site links had been hijacked.

Worse, he could use https://www.realstore.com:%43anything%20he%20wants%20to%20make%20a%20really% [EMAIL PROTECTED]/ This has the added advantage of looking like you are still on www.realstore.com, while actually passing that data to secure.realstorepayments.com (the hijacker's domain name). The average user won't notice the : instead of a ?, and those who run software firewalls on their local computer will just see the "secure.somelegitlookingccprocessingcompany.com" domain anyway.

--
The nice thing about standards, there is enough for everyone to have their own.
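
Added example, not part of the original message: a link audit that parses each URL the way a client does and reports the host after the last `@`, flagging a host-shaped userinfo field and any host outside an expected set. The sample links are constructed, and `EXPECTED_HOSTS` and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Loose test for "this string reads like a DNS name" (labels, dots, alphabetic TLD).
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_link(url):
    """Report the host a client will actually contact and any userinfo tricks."""
    parts = urlsplit(url)
    host = parts.hostname  # text after the last '@' in the authority, lowercased
    user = unquote(parts.username or "")
    findings = []
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo-present")
    # A host-shaped username that differs from the real host is the disguise
    # described in the message: the familiar name is only a login field.
    if HOSTLIKE.match(user) and user.lower() != host:
        findings.append("userinfo-looks-like-host")
    return {"real_host": host, "shown_first": user or None, "findings": findings}


def audit_links(urls, expected_hosts):
    """Return (url, real_host, findings) for every link that needs review."""
    report = []
    for url in urls:
        result = inspect_link(url)
        findings = list(result["findings"])
        if result["real_host"] not in expected_hosts:
            findings.append("unexpected-host")
        if findings:
            report.append((url, result["real_host"], findings))
    return report


# Constructed sample links (not taken verbatim from the message); host names
# reuse the ones the thread mentions.
SAMPLE_LINKS = [
    "https://www.realstore.com/order?item=1",
    "https://www.realstore.com:%43anything%20he%20wants@secure.realstorepayments.com/",
    "https://software-payments.com/",
]
EXPECTED_HOSTS = {"www.realstore.com"}  # assumption: the store's own checkout host

if __name__ == "__main__":
    for url, host, findings in audit_links(SAMPLE_LINKS, EXPECTED_HOSTS):
        print(f"{host:32} {', '.join(findings)}\n    {url}")
```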
