What makes my browser believe that there's no "Man in the middle" & trust the Connection is secure? The following is a scenario provided by my mentor to me.
Let's assume that the "man in the middle" has perfectly done ARP spoofing, then did the perfect DNS spoofing & also has a perfect self-signed SSL certificate with the domain name "www.google.com". How my browser knows that it isn't interacting with bad guy?
My mentor says that it is very easy to get a self-signed certificate with existing domain names, is this even possible?
So in a nutshell, "What is the ultimate trust factor for my browser to believe that it is communicating with a legitimate server? "
Aucun commentaire:
Enregistrer un commentaire