Re: [Anti-fraud] Re: Feature or Flaw?

Amir Herzberg wrote: Lance James wrote: Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginativ

Re: Feature or Flaw?

Lance James wrote: Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may hav

Re: Feature or Flaw?

Florian Weimer wrote: * Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the transaction

Re: Feature or Flaw?

* Lance James: > And as stated above, reverse the effect and it would be the banks in > scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the transactions involve significant value.

Re: Feature or Flaw?

> This site is set so that there is a frame of https://www.bankone.com > inside my https://slam.securescience.com/threats/mixed.html site. The > imaginative part is that you may have to reverse the rolls to understand > the impact of this (https://www.bankone.com with > https://slam.securescienc

Re: Feature or Flaw?

Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the ro

Re: Feature or Flaw?

Florian Weimer wrote: * Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? In both cases, you have t

Re: Feature or Flaw?

* Lance James: >>Couldn't you just copy (or proxy all content) and get the same effect >>without using frames at all? > How would you go about doing that and still get the SSL Lock to remain > as the banks? Can you give an example? In both cases, you have the SSL lock on your own certificate.

Re: Feature or Flaw?

Florian Weimer wrote: * Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? Maybe I'm j

Re: Feature or Flaw?

Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the ro

Re: Feature or Flaw?

* Lance James: > Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? Maybe I'm just missing something. - The Cryptography Mailing List Unsubscribe by sending "uns

Re: Feature or Flaw?

Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the rolls to understand the i