Network Security: Detailed info on Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

from [Nathan Jackson-Eeles] Network Security

[Permanent Link]

Subject:	Re: Defending users of unprotected login pages with TrustBar 0.4.9.93
Date:	Mon, 19 Sep 2005 14:36:07 +0200

On 19 Sep 2005 12:19:12 -0000, mike03051@yahoo.com <mike03051@yahoo.com> wrote:

Now the way I understand this should work is that the form target is a POST 
to https://url.com. The browsers is then required to open an SSL connection 
to the server and send the form data through the encrypted channel.

Maybe you or someone on this forum can confirm or correct my understanding.

Mike Peters


Mike,

You are correct, even though a site may have an http address, it
doesn't mean that the form will be sent over http. Paypal (for
example) uses the following in it's login form:
form method="post" name="login_form"
action="https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit";

While the login details are sent securely, it doesn't do much for user
awareness!!

Regards,

Nathan Jackson-Eeles

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Defending users of unprotected login pages with TrustBar 0.4.9.93, Amir Herzberg Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051 Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Nathan Jackson-Eeles <= Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, J. Lambrecht Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051 Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Peter Conrad Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051

Previous by Date:	Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051
Next by Date:	Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, J. Lambrecht
Previous by Thread:	Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051
Next by Thread:	Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, J. Lambrecht
Indexes:	[Date] [Thread] [Top] [All Lists]