On Jul 13, 2012, at 13:24, Gage Bystrom <[email protected]> wrote:
> Well, if I understand Tim correctly, you wouldn't need a CA. In the attack he
> mentioned, not once do you ever actually look at the SSL content. He's talking
> about redirecting them to plain HTTP and then setting the session cookie and
> redirecting them back.
>
You're right. I misread slightly. Same tool would still work; just scrap the CA
comment. :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/