(1) If we hadn't put that big "FAKE" notice over the logo, would you be able to detect the DNS spoofing attack on loading the bank's web page in your browser? Explain.
(2) The Diamond Banking website lets users input their username and password on a form on a web page that is loaded over HTTP. But when the user presses "Login", the form sends the username and password to a page that is loaded over HTTPS, i.e. the username and password are sent over an encrypted connection. Explain why this is not sufficient to protect the users' login information. What kind of attack are users left vulnerable to? How would using HTTPS for the entire site protect users against this kind of attack?
(3) Would DNSSEC protect against this kind of attack? Explain your answer.
Also answer the following question: In the passive sniffing attack, Mallory needs to capture the 4-way handshake in order to read user data on a WPA network. But in the MITM attack on WPA, Mallory did not capture the 4-way handshake, but was still able to read sensitive user data. How did Mallory bypass WPA confidentiality in this attack?