Full Disclosure mailing list archives
Intercepting Southern California Gas Company user credentials... (socalgas.com)
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Fri, 21 Aug 2009 13:40:07 -0700
...should be pretty easy ;-) Company has been notified many times privately of this issue, but they appear incompetent. Time for public shaming. """ $ sslscan myaccount.socalgas.com | grep NULL Accepted SSLv3 0 bits NULL-SHA Accepted SSLv3 0 bits NULL-MD5 Accepted TLSv1 0 bits NULL-SHA Accepted TLSv1 0 bits NULL-MD5 """ NULL cipher SSL/TLS presents the illusion of security and customers should be aware that their credentials are easily intercepted. Wanna shut off someone's gas in Los Angeles? :-) -- Kristian Erik Hermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Intercepting Southern California Gas Company user credentials... (socalgas.com) Kristian Erik Hermansen (Aug 21)