ARP-spoofing defense

Chris Carey chris.carey at gmail.com
Mon Mar 19 13:08:51 MDT 2007


On 3/19/07, Wade Preston Shearer <lists at wadeshearer.com> wrote:
>
> What's the point in wasting the cycles to encrypt the home and other
> public pages?
>
> Shouldn't you just need…
>
> https://pb.uccu.com/UCCU/login.aspx
>
>
> …and deeper secure?

If the UCCU main page was not secure, then the same ARP trick could be
used to display a fake UCCU page which redirects to a non-secure rogue
page to steal login credentials. So I for one, like the fact that the
whole site is encrypted.



More information about the PLUG mailing list