
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"

For a start, when you
land on a website, it is really hard to know with whom you are
actually dealing. It could be the site of your bank, as it claims to
be, or it could be a scam hosted on a Web server from a country
without strong regulations against digital crime (remember the
author of the worm ILOVEYOU; see the section "The Vandalism
and Bravado Era: Viruses and Worms"). In other words, the
server can authenticate you, but it is extremely difficult for you
to authenticate the server. We explore the issue of server authentication
in depth in the sections "The Babel of
Cryptography" and "The Babel of Web User Interfaces."
Anyway, what counts in this context is that this situation makes
you a likely victim for attacks in the data-entering phase (that is
to say, phishing).
Do you want to talk about man-in-the-middle attacks? In a local
network, the authentication screens are usually well protected,
and passwords (almost) never travel in readable format. On the
Internet, the security level depends on the goodwill of whoever
implemented the website, and too often it is not as safe as it
could be.
Are there good, long-term solutions to those problems? This
time we may be out of luck.

