[whatwg] meta="encrypt" tag is needed
Maciej Stachowiak
mjs at apple.com
Sat May 8 02:31:03 PDT 2010
On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote:
>
> In fact, do you know of *any* examples of MITM attacks being
> successfully used against a public website? It's not that I doubt
> that it's happened, but I don't actually know of any specific cases.
> In principle, you should be able to harvest lots of passwords by
> dropping some free wireless routers in strategic locations.
>
> (There's still an entirely different fatal problem with what you
> quoted, though: if you aren't worried about MITM, then encryption is
> pointless to begin with. I don't dispute your conclusion. :) )
"Pharming" is effectively a man-in-the-middle, and in particular would
be 100% effective at defeating the proposed security feature. It is
extremely common, to the point that it is considered one of the major
security risks on the Web.
http://en.wikipedia.org/wiki/Pharming
Regards,
Maciej
More information about the whatwg
mailing list