Luminous

iTrader: (3)

I have been told a few times now that you should check to see if you are using a secure website when you are handing over financial details. If the website is not secure, then it is likely to be a fake site.

My question is this. Why cannot the person who has made the fake site also make the fake one secure?

For example, when on eBay you get a little logo to tell you that you on a secure site. Why would that not be possible if you went to eebay.co.uk?

I thought that the only reason that secure website used encryption was that to ensure that the data you sent to the site, and the data you received from the site could not be intercepted and understood?

NWMark

erm!! yes i suppose

They can.

yes it is possible, and is why you should manually type in the URL of sites where your going to input private information.

yes you are correct.

Mark

stevencotton

The key is the certificate, it should match the domain of the site serving encrypted content. You will get a warning from your browser should the certificate not match the domain, or if it's not signed by a certification authority, etc.

Luminous

iTrader: (3)

Aha!! Those pesky things called certificates

I don't get them really. I mean, if you make your own certificate for you fake secure site, you will then send this to your victim. Your victim will see it and think all is fine

I think I need a nice easy guide to have a read about these


Thanks Mark, I thought I had understood that bit

stevencotton

No, because in order for it to be valid it has to be signed by a CA. Self-signed certificates pop up warnings in your browser.