how can you verify that the site you get is not a fake?

Felipe Alfaro Solana felipe.alfaro at gmail.com
Mon Jun 6 13:57:36 UTC 2005


On 6/6/05, bruce <bedouglas at earthlink.net> wrote:
> matt, i understand what you're saying...
> 
> but i still don't see how this protects/allows a user to 'know' that the site
> he's on is the correct site...
> 
> as an example. i go to the verisign site (www.verisign.com) i can select the
> verisign logo, which displays a pop-up. i read it, it looks good.. i think
> i'm secure...
> 
> however, there's nothing that i look at, that couldn't be forged/faked by
> you or i with the right web app knowledge...
> 
> i understand that the 'ssl/lock' is a function of the browser and is
> supposed to be used to present details of the ssl certificate employed... i
> also understand that the lock function is a component of the browser...
> however, this assumes the user knows to click on the 'lock'. if i were to
> provide a fake 'picture/icon' for the user to select, such that it displayed
> the fake ssl information, in all likelihood, the user wouldn't know the
> difference..

Yes, I agree. There are so many clueless users out there that many
of them don't even know of the existence of such a "lock" icon, and
don't know what a secure connection is. If told to look for the "lock"
they will click on the first lock image they see, and won't notice the
"lock" icon in the status bar, for example.

As I stated before, this is not a technological problem, but a
cultural and social problem: users aren't educated enough to use
computers, much less to perform critical operations like e-commerce or
e-banking.



