infp - 9:13 pm on Jul 31, 2008 (gmt 0)

If the MITM proxy replaces the HTTPS address of the bank with https://www.examplebank.com, such as how I described it above, then you connect to https://www.examplebank.com instead of your bank, no error given.

That is not a man-in-the-middle attack as such. That is a user visiting an incorrect URL (the desired SSL connection does not exist so there is nothing to attack). If you bookmark your blog admin page, you can avoid making such a mistake. Besides, you must start with a non-SSL page, which is forbidden if you want to discuss MITM attacks on SSL (https is required).

Besides, most people wouldn't think twice and would click OK

That should mean that SSL cannot prevent MITM attacks? Doesn't it rather mean that some users cannot use SSL?

As a matter of fact, any server that has a valid SSL cert which has been compromised by hackers can be used for this process just like the phishing scams.

Yes, that's why I wrote: "If the attack works, then either your computer has been compromised or the remote server has been compromised."

[edited by: infp at 9:35 pm (utc) on July 31, 2008]