Re: MITM in the wild

2008-11-07 Thread Eddy Nigg
On 11/07/2008 05:18 AM, Kyle Hamilton: So, essentially, what you're saying is that it was a targeted attack against a user, instead of an attack targeted against a server? What is an attack targeted against a server in the context of browsers and MITMs? -- Regards Signer: Eddy Nigg,

Re: MITM in the wild

2008-11-07 Thread Bernie Sumption
If we create an error display that says "No kidding, this absolutely is an attack and we're stopping you cold to protect you from it." it seems unavoidable that users will learn to treat the absence of such an unbypassable error display as proof to the contrary, proof that the site is genuine

Re: PKCS#11 versions supported by Firefox/NSS

2008-11-07 Thread Wan-Teh Chang
On Thu, Nov 6, 2008 at 11:18 PM, Martin Paljak [EMAIL PROTECTED] wrote: Hi! Anyone knows the implemented PKCS#11 versions in NSS versions used in Firefox 2.x and 3.x? Is it PKCS#11 v2.11 or 2.20? It is PKCS #11 v2.20. Wan-Teh

Re: MITM in the wild

2008-11-07 Thread Ian G
Eddy Nigg wrote: On 11/07/2008 05:18 AM, Kyle Hamilton: So, essentially, what you're saying is that it was a targeted attack against a user, instead of an attack targeted against a server? What is an attack targeted against a server in the context of browsers and MITMs? Possibly, it is

Re: MITM in the wild

2008-11-07 Thread Iang
Bernie Sumption wrote: Graham, Nelson, Eddy, you all make good points. I'll take your word for it that it's impossible to detect MITM attacks with 100% reliability, as I said I'm not a security expert. How about an MITM detection service that gives no false positives, but might give false

Re: MITM in the wild

2008-11-07 Thread Ian G
Bernie Sumption wrote: If we create an error display that says "No kidding, this absolutely is an attack and we're stopping you cold to protect you from it." it seems unavoidable that users will learn to treat the absence of such an unbypassable error display as proof to the contrary, proof that

Re: MITM in the wild

2008-11-07 Thread Robert Relyea
Bernie Sumption wrote: If we create an error display that says "No kidding, this absolutely is an attack and we're stopping you cold to protect you from it." it seems unavoidable that users will learn to treat the absence of such an unbypassable error display as proof to the contrary, proof that

Re: MITM in the wild

2008-11-07 Thread Nelson B Bolyard
Iang wrote, On 2008-11-07 08:22: Bernie Sumption wrote: How about an MITM detection service that gives no false positives, but might give false negatives? If you positively identify an MITM attack, you can present users with a much more definite UI saying this *is* an MITM attack and giving

Re: MITM in the wild

2008-11-07 Thread Eddy Nigg
On 11/07/2008 11:21 PM, Nelson B Bolyard: I will add that, while MITMs have historically been very rare, they are on the upswing. I see two broad areas where MITM attacks are on the increase, and they're both directed at the user, not the server. One must recognize the fact that MITM attacks