Hello Michal,
On Thu, Jun 08, 2006 at 10:48:18PM +0200, Michal Zalewski wrote:
[...]
Commercial SSL VPNs are a fairly recent technology that has a
considerable appeal to various corporations. Because of its novelty,
however, in a typical setup
On Fri, 9 Jun 2006, E Mintz wrote:
How about some real-world, application specific exploits?
There's an example of a XSS that can be used to compromise Cisco Web VPN
session in the text.
So, please show me an example of an actual compromise and I'll listen.
Otherwise, put up, or shut up!
How about some real-world, application specific exploits?
SSL VPN is hardly a 'novelty' or 'recent' technology. I implemented my
first SSL VPN in '99 at a large financial, and it is still in
production, and secure
So, please show me an example of an actual compromise and I'll listen.
Otherwise,
Very good information, we use F5 firepass products and I could see the same
issue inherent in your statements. The benefits to the business, from a cost
perspective, are many, no need for tokens unless you are doing 2-factor auth,
which I encourage as it will check your personal PIN against
On 8 Jun 2006 at 22:48, Michal Zalewski wrote:
Web VPN or SSL VPN is a term used to denote methods for accessing
company's internal applications with a bare WWW browser, with the use of
browser-based SSO authentication and SSL tunneling. As opposed to IPSec,
no additional software or