funsec mailing list archives

Re: Citibank hacked by URL fuzzing?


From: RL Vaughn <rl_vaughn () baylor edu>
Date: Tue, 14 Jun 2011 23:11:48 -0500

On 6/14/11 5:01 PM, Peter Kosinar wrote:
It's called "sarcasm".  No security professional could have *possibly*
predicted that using a URL that looks like

https://www.big-bank.com/account=134233433

could possibly be attacked, and it's *so* hard to design your web
interface to prepare for that sort of session hijacking....

What are you talking about?! It has the magic "s" after "http", 
which means "Secure".

Peter
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Indeed.  That final s makes all the difference.

Randys:://

-- 
            .::.::.::.
           ::         :.
        -:.'             :
        ::               :.
       .::               ::
       .:.               ::
       .:.               ::
       . :                .
  ,,,,;.;;,,,,,,,,,,,,,,.;;;.,,
  ;zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
  ;zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
  :zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
  ::=!:=!!=:!=:==:=!:=!!=:==:==.
  ::.::.:: :::::::.:: :: ::::::
  ::.::.:: ::.:.::.::.::.:.::.:
  ::.:: :: :: :.::.:: :: :: :.:
  :zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
  :zzzzzzzzzzzzzzzzzzzzzzzzzzzz.
  :zzzzzzzzzzzzzzzzzzzzzzzzzzzz.

This lock means you can trust me with
          your credit card
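The pattern Peter mocks above, a bank URL of the form `account=134233433` where a guessable number in the query string picks the record, is the textbook insecure direct object reference. The following is an added example, not code from the funsec thread or from any bank, and every name in it (`ACCOUNTS`, `hardened_account_view`, `SessionHandles`) is hypothetical: it shows the unchecked lookup beside two defensive patterns, authorizing every request against the authenticated session, and replacing the raw account number in the URL with an opaque per-session handle so there is nothing left to increment.

```python
"""Added example (not from the funsec thread or any real bank).

Constructed sample data and hypothetical function names throughout.
Demonstrates the URL pattern mocked in the thread (a guessable account
number selects the record) next to two server-side defences:
  1. authorize each lookup against the authenticated session;
  2. expose opaque per-session handles instead of the real account id.
"""
import secrets

# Constructed sample data: account number -> (owner, balance)
ACCOUNTS = {
    134233433: ("alice", 1500.00),
    134233434: ("bob", 42.00),
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested account."""


def vulnerable_account_view(session_user: str, account_id: int) -> dict:
    """The pattern the thread mocks: the URL parameter alone selects the record.

    session_user is never consulted, so any authenticated user can read any
    account simply by changing the number in the URL.
    """
    owner, balance = ACCOUNTS[account_id]  # no ownership check at all
    return {"account": account_id, "balance": balance}


def hardened_account_view(session_user: str, account_id: int) -> dict:
    """Same endpoint with the authorization check the original lacks."""
    record = ACCOUNTS.get(account_id)
    # Treat "does not exist" and "not yours" identically, so the response
    # does not tell a probing client which account numbers are in use.
    if record is None or record[0] != session_user:
        raise Forbidden(f"{session_user} may not view account {account_id}")
    return {"account": account_id, "balance": record[1]}


def can_view(session_user: str, account_id: int) -> bool:
    """Convenience predicate around the hardened view (hypothetical helper)."""
    try:
        hardened_account_view(session_user, account_id)
        return True
    except Forbidden:
        return False


class SessionHandles:
    """Indirect object references for one authenticated session.

    The browser only ever sees a random handle such as ?acct=Qm3kz...; the
    mapping back to the account number lives server-side in the session.
    """

    def __init__(self, user: str) -> None:
        self.user = user
        self._handles = {}  # handle (str) -> account number (int)

    def issue(self, account_id: int) -> str:
        # Only the session owner's accounts can ever be mapped into it.
        if not can_view(self.user, account_id):
            raise Forbidden(f"{self.user} owns no account {account_id}")
        handle = secrets.token_urlsafe(16)  # 128 bits of randomness, unguessable
        self._handles[handle] = account_id
        return handle

    def resolve(self, handle: str) -> dict:
        # An unknown handle is rejected exactly like a foreign account.
        account_id = self._handles.get(handle)
        if account_id is None:
            raise Forbidden("unknown or expired handle")
        # Re-check ownership even though issue() already did: defence in depth.
        return hardened_account_view(self.user, account_id)

    def knows(self, handle: str) -> bool:
        """True if this session issued the handle (hypothetical helper)."""
        return handle in self._handles


if __name__ == "__main__":
    # alice reads bob's balance through the unchecked view ...
    print("vulnerable:", vulnerable_account_view("alice", 134233434))
    # ... but not through the hardened one.
    print("alice may view bob's account:", can_view("alice", 134233434))
    session = SessionHandles("alice")
    handle = session.issue(134233433)
    print("opaque handle in URL:", handle, "->", session.resolve(handle))
```

Note that the handle layer is a complement to the ownership check, not a substitute: `resolve()` still calls `hardened_account_view()`, so a bug in handle bookkeeping cannot silently turn into cross-account disclosure.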
