WebApp Sec mailing list archives
Who's afraid of Mallory Wolf?
From: Ace123 <flace9 () gmail com>
Date: Mon, 30 Jan 2006 22:17:48 +0530
I came across this article http://iang.org/ssl/mallory_wolf.html which is the third in google search's response to "ssl mitm". It says there havent been any (major?) SSL MITM attacks so far (Article is dated Mar 2003), and so spending on buying a ssl server cert is just waste of money. I am no way convinced with this guy's argument, but to think of it - are there any real world SSL MITM attacks recorded in the recent history that caused a severe damage to anyone? thanks! ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Who's afraid of Mallory Wolf? Ace123 (Jan 30)
- Re: Who's afraid of Mallory Wolf? Andrew van der Stock (Jan 30)
- Re: Who's afraid of Mallory Wolf? Erwan Legrand (Jan 31)