WebApp Sec mailing list archives

Re: Re: OT: Inserting Ads without breaking the SSL
From: 7269 () sagedrive com
Date: 27 Apr 2006 06:48:57 -0000

I tried it in Sunnyvale.  Looks to me like Metrofi free service breaks the SSL.  The "lock" icon on the browser is not 
there, and the URL the browser shows has been mangled and has no "https" in it.  My guess is they run a proxy in their 
network that acts as the SSL endpoint, and the connection between user and proxy is unsecured HTTP.

If I'm right, this is a major nastiness to spring on unsuspecting users.  Sites that the user normally uses in SSL mode 
-- email, banking, etc. -- are exposed both over the air and on Metrofi's network.  I hope I'm wrong.
