
Re: sigHTTP comments?

2002-06-21 09:29:59
> He changed the login form in such a way that he was sent the one time
> transaction code of the money transfer and displayed a successful
> result by himself from the hijacked web server. The SSL certificate was
> of no use in this case; it even kept the user in wrong confidence.
>
> The SigHTTP would have been a solution for this case.

I disbelieve.  All he would've had to do would be to modify the login
form handler instead of the form itself.  As you've described it,
SigHTTP does nothing for dynamic content.

> Changing already signed HTML content would have deleted or modified the
> signature and a SigHTTP capable browser or third party tool would have
> been given the chance to alert the user.

So how does the browser distinguish between a page whose signature was
deleted by an attacker and one whose maintainer has stopped using
SigHTTP?

/========================================================\
|John Stracke                    |Principal Engineer     |
|jstracke(_at_)incentivesystems(_dot_)com   |Incentive Systems, Inc.|
|http://www.incentivesystems.com |My opinions are my own.|
|========================================================|
|This space intentionally left blank.                    |
\========================================================/
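The two objections above, worked through as an added example that is not part of this thread or of any SigHTTP implementation. It assumes a hypothetical `X-Signature` header and uses an HMAC as a stand-in for whatever signature primitive SigHTTP would use; all pages and keys are constructed.

```python
import hashlib
import hmac

# Constructed key and header name; stand-ins for the signer's key and the SigHTTP header.
KEY = b"constructed-demo-key"
SIG_HEADER = "X-Signature"

# Constructed login page, and the same page with the form action redirected.
PAGE = b'<form action="/login" method="post">...</form>'
TAMPERED = b'<form action="/stolen" method="post">...</form>'


def sign(body: bytes) -> str:
    """Signature over the static body only; a POST handler's reply is never covered."""
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def verify(headers: dict, body: bytes) -> str:
    """Plain check: 'valid', 'invalid', or 'unsigned'.

    A page whose signature an attacker removed and a page from a site that
    never signed both come back 'unsigned'; this check cannot tell them apart.
    """
    sig = headers.get(SIG_HEADER)
    if sig is None:
        return "unsigned"
    return "valid" if hmac.compare_digest(sig, sign(body)) else "invalid"


def verify_with_policy(host: str, headers: dict, body: bytes, expect_signed: set) -> str:
    """Same check plus a remembered policy: once a host has been seen signing,
    an unsigned page from it is reported as 'stripped' rather than 'unsigned'.
    The policy set is the client's own state (constructed here as a plain set)."""
    result = verify(headers, body)
    if result == "unsigned" and host in expect_signed:
        return "stripped"
    if result == "valid":
        expect_signed.add(host)
    return result


def stripping_scenario() -> tuple:
    """First visit signed, second visit with the signature removed and the form changed."""
    policy = set()
    first = verify_with_policy("bank.example", {SIG_HEADER: sign(PAGE)}, PAGE, policy)
    second = verify_with_policy("bank.example", {}, TAMPERED, policy)
    never_signed = verify_with_policy("other.example", {}, PAGE, policy)
    return first, second, never_signed
```

Without the remembered policy the second and third cases are identical to the client, which is exactly the ambiguity raised in the reply; the policy only helps for hosts the client has already seen signing.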
