Re: Security certificate negation by content provider

[Dave Ahmed <da () securityfocus com>]

On Sat, 25 Aug 2001, Eddie Chandler wrote:

> 1)  problem description:
>
>       Content provider realnames.com removes security certificate
>       after padding with its advertising.

Hmm, doesn't look like that is the case.  The problem seems to
be that the lock doesn't appear in the browser and there is no dialog when
one of the inner frame's contents originates from an https server (at
least not with my IE security settings).  If you view the properties of the
order page frame you will see that it is https with a valid certificate.

Dave Ahmad
Security Focus
www.securityfocus.com