[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] SSL does not = a secure website

From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Subject: Re: [WEB SECURITY] SSL does not = a secure website
Date: Wed, 29 Mar 2006 09:56:20 -0500

On 3/29/06, Ryan Barnett <rcbarnett@xxxxxxxxx> wrote:
> While these tangents are interesting, my original question is still
> unanswered.  Does anyone have any references to news stories, etc...
> about attackers sniffing user's web data and then using it?
>
> This is not a questions of whether sniffing is a real threat, it is.
> This is a question of having verifiable proof that this is happening
> in order to "convert" the unbelievers.  We have verifiable proof that
> credit card data is being pilfered in other ways (keyloggers, access
> to DB, etc...).  Check out the WASC Web Hacking Incident Database for
> news stories -
> http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml

Well, there was this incident:

http://isc.sans.org/diary.php?storyid=1118

Regards,
Brian

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

References:
- Re: [WEB SECURITY] SSL does not = a secure website
  - From: Andrew van der Stock
- RE: [WEB SECURITY] SSL does not = a secure website
  - From: Lyal Collins
- Re: [WEB SECURITY] SSL does not = a secure website
  - From: Ryan Barnett

Prev by Date: [WEB SECURITY] Online Certificate of Authority
Next by Date: Re: [WEB SECURITY] Online Certificate of Authority
Previous by thread: Re: [WEB SECURITY] SSL does not = a secure website
Next by thread: RE: [WEB SECURITY] SSL does not = a secure website
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org