On 6/14/11 5:01 PM, Peter Kosinar wrote:
>> It's called "sarcasm". No security professional could have *possibly*
>> predicted that using a URL that looks like
>>
>> https://www.big-bank.com/account=134233433
>>
>> could possibly be attacked, and it's *so* hard to design your web
>> interface to prepare for that sort of session hijacking....
>
> What are you talking about?! It has the magic "s" after "http",
> which means "Secure".
>
> Peter
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
Indeed. That final s makes all the difference.
Randys:://
--
.::.::.::.
:: :.
-:.' :
:: :.
.:: ::
.:. ::
.:. ::
. : .
,,,,;.;;,,,,,,,,,,,,,,.;;;.,,
;zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
;zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
:zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
::=!:=!!=:!=:==:=!:=!!=:==:==.
::.::.:: :::::::.:: :: ::::::
::.::.:: ::.:.::.::.::.:.::.:
::.:: :: :: :.::.:: :: :: :.:
:zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
:zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
:zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
This lock means you can trust me with
your credit card