On 11/07/2008 11:21 PM, Nelson B Bolyard:
I will add that, while MITMs have historically been very rare, they are
on the upswing. I see two broad areas where MITM attacks are on the
increase, and they're both directed at the user, not the server.
One must recognize the fact that MITM attacks w
Iang wrote, On 2008-11-07 08:22:
> Bernie Sumption wrote:
>> How about an MITM detection service that gives no false positives, but
>> might give false negatives? If you positively identify an MITM attack,
>> you can present users with a much more definite UI saying "this *is*
>> an MITM attack" a
Bernie Sumption wrote:
If we create an error display that says "No kidding, this absolutely
is an attack and we're stopping you cold to protect you from it."
it seems unavoidable that users will learn to treat the absence
of such an unbypassable error display as proof to the contrary,
proof that
Bernie Sumption wrote:
If we create an error display that says "No kidding, this absolutely
is an attack and we're stopping you cold to protect you from it."
it seems unavoidable that users will learn to treat the absence
of such an unbypassable error display as proof to the contrary,
proof that
Bernie Sumption wrote:
Graham, Nelson, Eddy, you all make good points.
I'll take your word for it that it's impossible to detect MITM attacks
with 100% reliability, as I said I'm not a security expert.
How about an MITM detection service that gives no false positives, but
might give false negat
Eddy Nigg wrote:
On 11/07/2008 05:18 AM, Kyle Hamilton:
So, essentially, what you're saying is that it was a targeted attack
against a user, instead of an attack targeted against a server?
What is an attack targeted against a server in the context of browsers
and MITMs?
Possibly, it is mu
On Thu, Nov 6, 2008 at 11:18 PM, Martin Paljak <[EMAIL PROTECTED]> wrote:
> Hi!
>
> Anyone knows the implemented PKCS#11 versions in NSS versions used in
> Firefox 2.x and 3.x? Is it PKCS#11 v2.11 or 2.20 ?
It is PKCS #11 v2.20.
Wan-Teh
___
dev-tech-cry
> If we create an error display that says "No kidding, this absolutely
> is an attack and we're stopping you cold to protect you from it."
> it seems unavoidable that users will learn to treat the absence
> of such an unbypassable error display as proof to the contrary,
> proof that the site is gen
On 11/07/2008 05:18 AM, Kyle Hamilton:
So, essentially, what you're saying is that it was a targeted attack
against a user, instead of an attack targeted against a server?
What is an attack targeted against a server in the context of browsers
and MITMs?
--
Regards
Signer: Eddy Nigg, Start
9 matches
Mail list logo