Network Security: Detailed info on Re: [WEB SECURITY] SSL does not = a secure website

Subject:	Re: [WEB SECURITY] SSL does not = a secure website
Date:	Wed, 29 Mar 2006 09:56:20 -0500

Subject:

Re: [WEB SECURITY] SSL does not = a secure website

Date:

Wed, 29 Mar 2006 09:56:20 -0500

On 3/29/06, Ryan Barnett <rcbarnett@gmail.com> wrote:

While these tangents are interesting, my original question is still
unanswered.  Does anyone have any references to news stories, etc...
about attackers sniffing user's web data and then using it?

This is not a questions of whether sniffing is a real threat, it is.
This is a question of having verifiable proof that this is happening
in order to "convert" the unbelievers.  We have verifiable proof that
credit card data is being pilfered in other ways (keyloggers, access
to DB, etc...).  Check out the WASC Web Hacking Incident Database for
news stories -
http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml


Well, there was this incident:

http://isc.sans.org/diary.php?storyid=1118

Regards,
Brian

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [WEB SECURITY] SSL does not = a secure website, Sebastien Deleersnyder Re: [WEB SECURITY] SSL does not = a secure website, Richard St John Re: [WEB SECURITY] SSL does not = a secure website, Nick Owen RE: [WEB SECURITY] SSL does not = a secure website, Mark Mcdonald Re: [WEB SECURITY] SSL does not = a secure website, michaelslists Re: [WEB SECURITY] SSL does not = a secure website, Andrew van der Stock RE: [WEB SECURITY] SSL does not = a secure website, Lyal Collins Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton <= Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton Re: [WEB SECURITY] SSL does not = a secure website, michaelslists RE: [WEB SECURITY] SSL does not = a secure website, James Strassburg Re: [WEB SECURITY] SSL does not = a secure website, Bill Pennington Re: [WEB SECURITY] SSL does not = a secure website, Gervase Markham Re: [WEB SECURITY] SSL does not = a secure website, Evert Collab RE: [WEB SECURITY] SSL does not = a secure website, Jeremy Bellwood Re: [WEB SECURITY] SSL does not = a secure website, michaelslists RE: [WEB SECURITY] SSL does not = a secure website, PPowenski

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett
Next by Date:	SF new interview announcement: Open source security testing methodology, Andrew van der Stock
Previous by Thread:	Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett
Next by Thread:	Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett

Next by Date:

SF new interview announcement: Open source security testing methodology, Andrew van der Stock

Previous by Thread:

Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett

Next by Thread:

Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton

Indexes:

[Date] [Thread] [Top] [All Lists]