Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: insecure elements in https protected pages

From: "G. D. Fuego" <gdfuego () gmail com>
Date: Sun, 18 Oct 2009 21:28:02 -0400
On Oct 18, 2009, at 6:03 PM, Mohammad Hosein <mhtajik () gmail com> wrote:


in a certain web application e.g gmail there are times the whole  
communication is secured by ssl and sometimes "there are insecure  
elements" that raise questions . i'm not a web professional . how to  
find these insecure elements ? and how to evaluate if these elements  
are the results of a successful man in the middle attack or not ?


Insecure elements in a secure page wouldn't be the result of a man in  
the middle attack.  That would require being in the middle of the  
https connection in order to change the content of the page.

If you're already in the middle of the https connection in a non- 
obvious way, why downgrade to http?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: