“Most security experts have been aware of problems with SSL,
but generally speaking we haven’t said much because there wasn’t
much of a replacement available for it, and it hasn’t been
exploited extensively (chances are it will be, though). I’ll start
with an explanation of the basic attack, followed by some methods
to protect yourself, and finish with an interview with Dale
Peterson of DigitalBond and the summary…”

“Let’s say I want to scam people’s credit card numbers, and
don’t want to break into a server. What if I could get people to
come to me, and voluntarily give me their credit card numbers?
Well, this is entirely too easy.

“I would start by setting up a web server, and copying a popular
site to it, say www.some-online-store.com; the time required to do
this with a tool such as wget is around 20-30 minutes. I would then
modify the forms used to submit information and make sure they
pointed to my server, so I now have a copy of
www.some-online-store.com that looks and feels like the “real”
thing…”