On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote:
> In fact, do you know of *any* examples of MITM attacks being successfully used against a public website? It's not that I doubt that it's happened, but I don't actually know of any specific cases. In principle, you should be able to harvest lots of passwords by dropping some free wireless routers in strategic locations. (There's still an entirely different fatal problem with what you quoted, though: if you aren't worried about MITM, then encryption is pointless to begin with. I don't dispute your conclusion. :) )
"Pharming" is effectively a man-in-the-middle, and in particular would be 100% effective at defeating the proposed security feature. It is extremely common, to the point that it is considered one of the major security risks on the Web.
http://en.wikipedia.org/wiki/Pharming

Regards,
Maciej
