funsec mailing list archives
Re: Citibank hacked by URL fuzzing?
From: RL Vaughn <rl_vaughn () baylor edu>
Date: Tue, 14 Jun 2011 23:11:48 -0500
On 6/14/11 5:01 PM, Peter Kosinar wrote:
> > It's called "sarcasm". No security professional could have *possibly* predicted that using a URL that looks like https://www.big-bank.com/account=134233433 could possibly be attacked, and it's *so* hard to design your web interface to prepare for that sort of session hijacking....
>
> What are you talking about?! It has the magic "s" after "http", which means "Secure".
>
> Peter
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

Indeed. That final s makes all the difference

Randys::// -- .::.::.::. :: :. -:.' : :: :. .:: :: .:. :: .:. :: . : . ,,,,;.;;,,,,,,,,,,,,,,.;;;.,, ;zzzzzzzzzzzzzzzzzzzzzzzzzzzz. ;zzzzzzzzzzzzzzzzzzzzzzzzzzzz. :zzzzzzzzzzzzzzzzzzzzzzzzzzzz. ::=!:=!!=:!=:==:=!:=!!=:==:==. ::.::.:: :::::::.:: :: :::::: ::.::.:: ::.:.::.::.::.:.::.: ::.:: :: :: :.::.:: :: :: :.: :zzzzzzzzzzzzzzzzzzzzzzzzzzzz. :zzzzzzzzzzzzzzzzzzzzzzzzzzzz. :zzzzzzzzzzzzzzzzzzzzzzzzzzzz.

This lock means you can trust me with your credit card