Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] SSL does not = a secure website

from [PPowenski] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] SSL does not = a secure website
Date: Wed, 29 Mar 2006 10:25:48 +0100 
FYI...

A recent purchase I made at DABS www.dabs.co.uk utilized this technique
when the Verify by Visa component launched at the conclusion of the CC
authorization process.


-----Original Message-----
From: James Strassburg [mailto:JStrassburg@directs.com] 
Sent: 29 March 2006 00:16
To: Sebastien Deleersnyder; Web Security; webappsec@securityfocus.com
Subject: RE: [WEB SECURITY] SSL does not = a secure website


There are additional countermeasures that a web application can
implement.  For example, the app could have the user enter his/her
password by clicking an onscreen keyboard or ask the user for random
characters from their password (enter the 2nd, 4th and 10th character of
your password).  I should state that while I've read about these I don't
know of a web application that makes use of them.

James Strassburg

________________________________

From: Ryan Barnett [mailto:rcbarnett@gmail.com] 
Sent: Tuesday, March 28, 2006 8:10 AM
To: Sebastien Deleersnyder
Cc: Web Security; webappsec@securityfocus.com
Subject: Re: [WEB SECURITY] SSL does not = a secure website



On 3/28/06, Sebastien Deleersnyder <sebastien.deleersnyder@ascure.com>
wrote: 

Their is nothing that a website can do to prevent keyloggers on the
user's machine. 
 
Well, now that I think about it, that is not entirely true...  Websites
could front-end their web apps with applications such as Sygate (
http://www.symantec.com/Products/enterprise?c=prodinfo&refId=1302
<http://www.symantec.com/Products/enterprise?c=prodinfo&refId=1302> )
which can check the user's computer for some forms of malware (including
keyloggers) and then place the user into a Java virtual machine to help
protect user credentials.  


------------------------------------------------------------------------
-
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR
l
------------------------------------------------------------------------
--
This e-mail is intended for the named recipient(s).  It and any attachments may 
contain privileged and/or confidential information. They may not be disclosed 
to or used by or copied in any way by anyone other than the intended recipient. 
 If you are not one of the intended recipients, or this email is received in 
error, please immediately either notify the sender or contact OAG Worldwide 
Limited on +44 (0) 1582 600111 quoting the name of the sender and the email 
address to which it has been sent and then delete it and any attachment(s). 
While all reasonable efforts are made to safeguard inbound and outbound 
e-mails, OAG Worldwide Limited and its affiliate companies cannot guarantee 
that attachments do not contain any viruses or are compatible with your 
systems, and does not accept liability in respect of viruses or computer 
problems experienced. Neither OAG Worldwide Limited nor the sender accepts any 
responsibility for viruses and it is your responsibility to scan or otherwise 
check this email and any attachments.  
OAG Worldwide Limited may monitor or record outgoing and incoming e-mail to 
secure effective system operation and for other lawful purposes.  By replying 
to this email you give your consent to such monitoring. 
Thank you.
OAG Worldwide Limited is a company registered in England and Wales (registered 
number 4226716), with its registered office at Church Street, Dunstable, 
Bedfordshire, LU5 4HB, United Kingdom.


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Writing to a local file without a warning, Frank Heyne
Next by Date:  RE: [WEB SECURITY] SSL does not = a secure website, Lyal Collins
Previous by Thread:  Re: [WEB SECURITY] SSL does not = a secure website, michaelslists
Next by Thread:  Administrivia: Friday 31st March - Limited moderation, and cross-posting, Andrew van der Stock
Indexes:  [Date] [Thread] [Top] [All Lists]