Looks like a great target for Pharming attacks. Thanks for all your data sent to me over an SSL connection. =)
Yeah .. Google is notorious for trying to send everything into the same domain -- trying to make our lives difficult.
Right now, I'm trying snort with REACT actions based on their SSL certificate fingerprint. Preventing the key exchange would prevent the session setup.
I just need to see if that'd block Gmail as well. ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
