SSL doesn't solve everything
Posted Jul 31, 2007 16:17 UTC (Tue) by kevinbsmith
In reply to: Cache poisoning vulnerability found in BIND
Parent article: Cache poisoning vulnerability found in BIND
SSL doesn't quite solve the problem for "normal" end-users. How many people bother to type in https when they go to paypal (or ebay, or their bank)? Most just navigate to the non-SSL site, which automatically redirects them to the SSL version.
The attacker can redirect them to a non-SSL site that looks like the real SSL site, or to an SSL site with a different domain and therefore a valid cert.
Bookmarks (to the SSL site) can avoid that problem, but users won't always use their bookmarks.
to post comments)