The internet is broken, and you can't win

[rfunk]

Two weeks ago, it was revealed that there's a nasty flaw inherent in the design of the DNS protocol that underlies almost everything we do on the internet. The implication is that when you're doing your thing on the net, any given bad guy could make your computer go where he wants, instead of where you want, without you knowing about it

Comments

Bank website?

[anonymous]

How would the phishing bank site use SSL? The web browser should throw up an error stating that the domain in the SSL cert does not match your browsers domain. Unless I'm missing something here, I think this only works on non SSL sites.

Re: Bank website?

[rfunk]

That won't happen if they redirect a non-SSL page to their own domain, then go to SSL after that.

Many, if not most, bank websites offer account login on the non-SSL homepage. This is a bad thing. (See this recent InformationWeek story for more web-banking badness.)

And most people don't really understand what the browser is saying in the popups -- especially in an age of Windows Vista asking you to approve everything you want to do. It's way too common and easy to click away a popup without really understanding it.