Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: OT: Inserting Ads without breaking the SSL

from [7269] Network Security [Permanent Link]
Subject: Re: Re: OT: Inserting Ads without breaking the SSL
Date: 27 Apr 2006 06:48:57 -0000 
I tried it in Sunnyvale.  Looks to me like Metrofi free service breaks the SSL. 
 The "lock" icon on the browser is not there, and the URL the browser shows has 
been mangled and has no "https" in it.  My guess is they run a proxy in their 
network that acts as the SSL endpoint, and the connection between user and 
proxy is unsecured HTTP.

If I'm right, this is a major nastiness to spring on unsuspecting users.  Sites 
that the user normally uses in SSL mode -- email, banking, etc. -- are exposed 
both over the air and on Metrofi's network.  I hope I'm wrong.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [WEB SECURITY] Fundamental error in Corsaire's paper?, Martin O'Neal
Next by Date:  Re: Web Site Certification, Dean H. Saxe
Previous by Thread:  Re: OT: Inserting Ads without breaking the SSL, Andrew van der Stock
Next by Thread:  Re: OT: Inserting Ads without breaking the SSL, Jason
Indexes:  [Date] [Thread] [Top] [All Lists]