Defending users of unprotected login pages with TrustBar 0.4.9.93

Anne & Lynn Wheeler lynn at garlic.com
Thu Sep 22 21:18:12 EDT 2005


Axley, Jason wrote:
> I think that this trades one security problem for others in the
> application security realm.  Sites that allow for equivalent functional
> duality in either HTTPS or HTTP protocols often suffer from problems
> where the HTTPS site inadvertently references an HTTP URL instead of
> HTTPS when doing something sensitive.  Most people won't notice the
> insecurity because the site "still works".  I prefer when applications
> break in insecure ways that they break loudly.

and the latest phishing
http://www.techweb.com/wire/security/171100298;jsessionid=EE0OXQCFILSOEQSNDBCCKHSCJUMEKJVN

New Phish Deceives With Phony Certificates

A new, advanced form of phishing dubbed "secured phishing" because it
relies on self-signed digital certificates, can easily fool all but the
most cautious consumers, a security firm warned Thursday.

... snip ...

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
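
The failure mode in the quoted message (an HTTPS page that quietly references an HTTP URL for something sensitive and "still works") can be made to fail loudly with a build-time check. The following is an added example, not part of either post: the hostname `www.bank.example`, the sample markup and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags and the attribute that carries a URL (a subset chosen for this example).
URL_ATTRS = {"form": "action", "script": "src", "iframe": "src",
             "img": "src", "a": "href", "link": "href"}
# An HTTP target here exposes submitted data or loads active content.
HIGH_RISK = {"form", "script", "iframe"}

class InsecureRefFinder(HTMLParser):
    """Collect http:// references found in a page served over HTTPS."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []  # (severity, tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how every later relative URL resolves.
            self.base = urljoin(self.base, attrs["href"])
        name = URL_ATTRS.get(tag)
        value = attrs.get(name) if name else None
        if value is None:
            return
        resolved = urljoin(self.base, value.strip())
        if urlsplit(resolved).scheme == "http":
            severity = "high" if tag in HIGH_RISK else "low"
            self.findings.append((severity, tag, name, resolved))

def audit(page_url, html):
    """Return the findings; refuse pages that are not HTTPS to begin with."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page is not served over HTTPS: " + page_url)
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; www.bank.example is a placeholder host.
SAMPLE = """<img src="/logo.png">
<script src="//static.bank.example/app.js"></script>
<form method="post" action="http://www.bank.example/login"></form>
<a href="http://www.bank.example/help">Help</a>"""

if __name__ == "__main__":
    found = audit("https://www.bank.example/signin", SAMPLE)
    print(*found, sep="\n")
    # Non-zero exit on a high-severity finding so a build breaks loudly.
    raise SystemExit(int(any(f[0] == "high" for f in found)))
```

Relative and scheme-relative URLs resolve against the HTTPS page and pass; the form posting to `http://` is reported as high severity and the plain link as low.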


