|
WebApp Sec
mailing list archives
Re: Should login pages be protected by SSL?
From: Amir Herzberg <herzbea () macs biu ac il>
Date: Tue, 21 Jun 2005 09:41:42 +0200
A.D. Douma wrote:
Just a quick comment here,
Since when do SSL certificates protect a user against MITM attacks.
True it makes it harder to perform a MITM attack, but it is still very
much possible.
I was referring to SSL protocol, not just the certificate, of course.
But assuming this is also what you meant... Can you explain what way you
know of doing successful MITM attack on SSL session?
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame.html
 By Date 
By Thread
Current thread:
- RE: Should login pages be protected by SSL?, (continued)
RE: Should login pages be protected by SSL? maburns (Jun 20)
Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
RE: Should login pages be protected by SSL? Cowles, Robert D. (Jun 21)
RE: Should login pages be protected by SSL? Derick Anderson (Jun 21)
RE: Should login pages be protected by SSL? Cowles, Robert D. (Jun 21)
|
Intro
