Did you happen to grab a packet capture? Can someone stop by and grab
one. It only needs to be a capture of starting up a session, visiting
google, then visiting https://www.verisign.com/
7269@sagedrive.com wrote:
I tried it in Sunnyvale. Looks to me like Metrofi free service
breaks the SSL. The "lock" icon on the browser is not there, and the
URL the browser shows has been mangled and has no "https" in it. My
guess is they run a proxy in their network that acts as the SSL
endpoint, and the connection between user and proxy is unsecured
HTTP.
If I'm right, this is a major nastiness to spring on unsuspecting
users. Sites that the user normally uses in SSL mode -- email,
banking, etc. -- are exposed both over the air and on Metrofi's
network. I hope I'm wrong.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web
application security testing suite, and the only solution to provide
comprehensive remediation tasks at every level of the application.
Change the way you think about application security testing - See for
yourself. Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
