Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Should login pages be protected by SSL?

from [Cowles, Robert D.] Network Security [Permanent Link]
Subject: RE: Should login pages be protected by SSL?
Date: Tue, 21 Jun 2005 11:32:29 -0700 
 


-----Original Message-----
From: Glenn Euloth [mailto:eulothg@hfx.eastlink.ca] 



 You can't, however, expect your grandmother to 
properly configure her browser to be highly 
secure just to log in to a web-based forum where 
she can post her favourite  blueberry pie
recipe.  If someone breaks into her account does it really 
matter?  And why would someone bother in the first place?  
Where's the value in breaking in to such an account?



There may not be an advantage in breaking into that account
but consider that when grandmother registered at the web
site she probably picked the same userid and password
and password hint as she has at lots of other sites ..
some of which might be higher value (storing financial
information like credit card numbers or banking information).

In fact, it seems to be ignored that a wonderful way to collect
userid/password combinations is just to put up a web site and
ask people to register to access the content.  I would be willing
to be that a fairly high percentage of people don't take care to
consistently use a different password, in any case, from the
high-value sites.

Bob Cowles
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Should login pages be protected by SSL?, Almerindo Graziano
Next by Date:  Can HTTP Request Smuggling be blocked by Web Application Firewalls?, Amit Klein (AKsecurity)
Previous by Thread:  Re: Should login pages be protected by SSL?, Amir Herzberg
Next by Thread:  Re: Should login pages be protected by SSL?, Steve Shah
Indexes:  [Date] [Thread] [Top] [All Lists]