> However, here's where I get confused.  Now the client is sending more
> data back to the server (probably in the form of an https document
> request) - how do these packets now get rerouted to the MITM?  Or is
> this more of a "one directional" attack?

By (e.g.) confusing DNS for the client the MITM (Man In The Middle) can
truly intercept and replace the traffic in both directions.

A tricky part is that the HTTPS server sends back its public key that
has been signed by a certification authority (CA, e.g. Verisign).
Netscape (the browser) is shipped with Verisign's public key so it can
verify the signed HTTPS server key. So this makes it difficult for
the MITM to substitute HIS public key to interpose the connection.

But have you noticed that Netscape is "user-friendly" in that if the
HTTPS server key is not signed by a known CA or the website name
doesn't match correctly then it (Netscape) will lead the user through a
"security dialog" to nevertheless accept the HTTPS server's key?

What fraction of people will just click "OK", "OK", ... "Finish"
since they don't know any better?

Certainly more than would be expected to get "hit on the head by
a meteorite" ;-)

Karl
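The two client-side checks Karl describes (is the server certificate signed by a CA whose key the client already trusts, and does the certificate name match the host the user typed) are what stand between a DNS-confused client and an interposed connection. The following is an added example, not code from this thread or from Netscape: a small Python model of those two decisions, with hostname matching done the way modern clients do it (case-insensitive, wildcard only as the whole leftmost label, never across a dot or for a bare suffix). The `Cert` records, the CA names and the trust store are constructed stand-ins for parsed X.509 fields, and `click_through_verify` models the user who accepts every security dialog.

```python
"""Model of the browser-side certificate checks discussed above.
Added example; certificate records are constructed dicts standing in
for parsed X.509 fields, not real certificates."""
from dataclasses import dataclass

# Constructed trust store: CAs whose public key ships with the client.
TRUSTED_CAS = {"Example Public Primary CA (constructed)"}


@dataclass
class Cert:
    subject_cn: str        # subject commonName
    san_dns: list          # dNSName entries from subjectAltName
    issuer: str            # CA that signed it; self-signed means issuer == subject
    signature_valid: bool  # outcome of checking the signature with the issuer's key


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match.

    - comparison is case-insensitive and ignores a trailing dot
    - '*' is accepted only as the entire leftmost label
    - a wildcard never matches across a dot, and needs at least two
      fixed labels after it, so '*.com' cannot match 'example.com'
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    if p_labels[0] != "*":
        return False  # partial wildcards such as 'w*.example.com' are rejected
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def verify(cert: Cert, requested_host: str, trusted_cas=TRUSTED_CAS) -> str:
    """Strict client policy: returns 'OK' or the first failing check."""
    if cert.issuer not in trusted_cas:
        return "UNTRUSTED_ISSUER"     # the dialog Karl describes fires here
    if not cert.signature_valid:
        return "BAD_SIGNATURE"
    # subjectAltName takes precedence; fall back to the CN only when absent
    names = cert.san_dns or [cert.subject_cn]
    if not any(hostname_matches(n, requested_host) for n in names):
        return "NAME_MISMATCH"        # ... and the name-mismatch dialog here
    return "OK"


def click_through_verify(cert: Cert, requested_host: str) -> str:
    """Policy of a user who clicks OK on every dialog: nothing is rejected."""
    return "OK"


# Constructed sample certificates.
GENUINE = Cert("www.example.com", ["www.example.com", "example.com"],
               "Example Public Primary CA (constructed)", True)
# An interposer can only present a key it holds, so its certificate is
# either self-signed or signed by something outside the trust store.
SELF_SIGNED = Cert("www.example.com", ["www.example.com"],
                   "www.example.com", True)
# Validly signed by a trusted CA, but issued for a different host.
WRONG_NAME = Cert("other.example.net", ["other.example.net"],
                  "Example Public Primary CA (constructed)", True)


def demo() -> dict:
    """Run both policies over the samples; returns {name: (strict, click_through)}."""
    host = "www.example.com"
    return {
        "genuine": (verify(GENUINE, host), click_through_verify(GENUINE, host)),
        "self_signed": (verify(SELF_SIGNED, host), click_through_verify(SELF_SIGNED, host)),
        "wrong_name": (verify(WRONG_NAME, host), click_through_verify(WRONG_NAME, host)),
    }


if __name__ == "__main__":
    for name, (strict, lax) in demo().items():
        print(f"{name:12s} strict={strict:16s} click-through={lax}")
```

The strict policy rejects both the self-signed substitute and the mis-named certificate before any application data flows; the click-through policy accepts all three, which is exactly the gap the "OK, OK, Finish" habit opens.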



**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************