"And the best protection against the privacy and security risks created by this type of hijacking is to visit sites using HTTPS rather than HTTP, which can easily be achieved using EFF's HTTPS Everywhere Firefox extension"
I don't know why you were downvoted for this, it's a very cogent point— most users would probably click through a big red screen that says "DO NOT VISIT THIS WEB SITE!" We need to be thinking of them when we design our security model.
This is something I keep circling around. The host doesn't seem like a thing you could encrypt, because the intermediaries need to know where to send your packets. It seems like https encrypts the headers: http://stackoverflow.com/questions/187655/are-https-headers-...
but does this include the Location header?
The HTTP request itself is encrypted, but the IP packet (including the source and destination IP addresses) is not. SSL/TLS is application level encryption, and if you wanted to encrypt the actual packet, you need to switch to something like IPsec, but even then you need some sort of routing method (which I can't remember).
IPSec can work in many different ways. One of those is to encapsulate the entire packet as the encrypted payload of a new packet, with the new packet having headers in plain text leading to the other end of the IPSec tunnel. That other end will then decrypt and forward as appropriate (this is called a 'tunnel').
Yes.
SSL / TLS happens below HTTP at the socket layer. This is why you couldn't have vhosts's using SSL on a single IP for a very long time (the webserver wouldn't know which certificate to use).
"And the best protection against the privacy and security risks created by this type of hijacking is to visit sites using HTTPS rather than HTTP, which can easily be achieved using EFF's HTTPS Everywhere Firefox extension"