Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Should login pages be protected by SSL?

from [Steve Shah] Network Security [Permanent Link]
Subject: Re: Should login pages be protected by SSL?
Date: Tue, 21 Jun 2005 19:38:28 -0700 
There may not be an advantage in breaking into that account
but consider that when grandmother registered at the web
site she probably picked the same userid and password
and password hint as she has at lots of other sites ..


And SSL does nothing to mitigate that risk.

-Steve

-- 
Steve Shah
sshah@RisingEdge.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Should login pages be protected by SSL?, Cowles, Robert D.
Next by Date:  Re: Should login pages be protected by SSL? (and comment to moderator), Amir Herzberg
Previous by Thread:  RE: Should login pages be protected by SSL?, Cowles, Robert D.
Next by Thread:  RE: Should login pages be protected by SSL?, Derick Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]