Several people have sent in a link to a New York Times story on ACH fraud:
http://www.nytimes.com/2008/08/30/business/yourmoney/30theft.html
Perry
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography
[Adding the cryptography list, since this seems of interest]
On Wed, Aug 27, 2008 at 8:58 PM, Story Henry [EMAIL PROTECTED] wrote:
Apparently rfc2817 allows an http url tp be used for https security.
Given that Apache seems to have that implemented [1] and that the
openid url is mostly used
At Mon, 1 Sep 2008 21:00:55 +0100,
Ben Laurie wrote:
The core issue is that HTTPS is used to establish end-to-end security,
meaning, in particular, authentication and secrecy. If the MitM can
disable the upgrade to HTTPS then he defeats this aim. The fact that
the server declines to serve an
On Mon, Sep 1, 2008 at 9:49 PM, Eric Rescorla [EMAIL PROTECTED] wrote:
At Mon, 1 Sep 2008 21:00:55 +0100,
Ben Laurie wrote:
The core issue is that HTTPS is used to establish end-to-end security,
meaning, in particular, authentication and secrecy. If the MitM can
disable the upgrade to HTTPS
At Mon, 1 Sep 2008 21:56:52 +0100,
Ben Laurie wrote:
On Mon, Sep 1, 2008 at 9:49 PM, Eric Rescorla [EMAIL PROTECTED] wrote:
At Mon, 1 Sep 2008 21:00:55 +0100,
Ben Laurie wrote:
The core issue is that HTTPS is used to establish end-to-end security,
meaning, in particular, authentication