WebApp Sec mailing list archives

Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

From: mike03051 () yahoo com
Date: 19 Sep 2005 14:30:01 -0000


Amir,

As I suspected, the hall-of-shame posted on Amir's site may be a bit misguided since these pages do in-fact submit 
HTTPS (SSL) logins.

JL,

Non-microsoft-OS like Apple, or Linux, or Amiga ?

What is likely to be the case is that they block any unusual headers. Automated bots send weird/wacky headers and this 
is one way to block attacks. I have no idea how effective it would be.

TrustBar plays no role in subiting pages, so no I don't think it would address this problem in the least.

Mike

Current thread:

Defending users of unprotected login pages with TrustBar 0.4.9.93 Amir Herzberg (Sep 19)
- <Possible follow-ups>
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 19)
  - Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 Nathan Jackson-Eeles (Sep 19)
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 J. Lambrecht (Sep 19)
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 19)
  - Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 Peter Conrad (Sep 20)
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93 mike03051 (Sep 20)