how can you verify that the site you get is not a fake?

Scot L. Harris webid at
Mon Jun 6 13:31:10 UTC 2005

On Mon, 2005-06-06 at 09:05, bruce wrote:
> but you still haven't addressed my problem/issue/question...
> and that's how do I as a user (not an app) know that this is the right site
> for the url I entered... my fear is that a malicious site could simply fake
> the information he's providing, to 'look' like the actual/real site...
> and as of yet.. I can't craft a solution to this issue...

Pick up a book on SSL certificates and read up on it.  Others on the
list have described how it works.  It is virtually impossible to fake
the certificates.  It would require access at points in the Internet to
control your DNS and routing to run a man in the middle attack that
would in effect mean the bad guys own your Internet access path.  

You are more likely to have someone get your password from shoulder
surfing or have an internal admin user access your information than
someone external redirect you to a web site that you cannot identify as

Of course the basic rule of don't open or click on anything that comes
from unsolicited email applies here.  None of those that I have seen are
really that sophisticated and are easily identified as fakes.

And the people that have trouble figuring out those are fake are the
same ones trying to help the Nigerian lawyer get money out of his

Scot L. Harris
webid at

"Atomic batteries to power, turbines to speed."
-- Robin, The Boy Wonder 
