Defending users of unprotected login pages with TrustBar 0.4.9.93
Anne & Lynn Wheeler
lynn at garlic.com
Thu Sep 22 21:18:12 EDT 2005
Axley, Jason wrote:
> I think that this trades one security problem for others in the
> application security realm. Sites that allow for equivalent functional
> duality in either HTTPS or HTTP protocols often suffer from problems
> where the HTTPS site inadvertently references an HTTP URL instead of
> HTTPS when doing something sensitive. Most people won't notice the
> insecurity because the site "still works". I prefer when applications
> break in insecure ways that they break loudly.
and the latest phishing
http://www.techweb.com/wire/security/171100298;jsessionid=EE0OXQCFILSOEQSNDBCCKHSCJUMEKJVN
New Phish Deceives With Phony Certificates
A new, advanced form of phishing dubbed "secured phishing" because it
relies on self-signed digital certificates, can easily fool all but the
most cautious consumers, a security firm warned Thursday.
... snip ...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com