Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.

From: Tim <tim-security () sentinelchicken org>
Date: Mon, 13 Mar 2006 18:04:10 -0500

You said this is a firewall box. Most "appliances" I've seen use 
self-signed SSL certs which don't validate anyway -- so you're ALREADY 
used to clicking "ok" on the warning. Therein lies the danger I suppose.


Exactly.  This is probably why Simon is confused.  However, if he
verifies the fingerprint/hash of the certificate once (by walking over
to his firewall and reading it off the terminal), then he permanently
trusts it in his browser, then he'll be pretty safe from then on.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Re: HTTP AUTH BASIC monowall., (continued)
- - - Re: Re: HTTP AUTH BASIC monowall. greybrimstone (Mar 15)
    - Re: Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 16)
    - Re: Re: Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Steffen Kluge (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
    - Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 14)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 14)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Jim Popovitch (Mar 13)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 13)
  - Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Dave Korn (Mar 15)
- HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
  - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)