WebApp Sec mailing list archives
Re: Re: OT: Inserting Ads without breaking the SSL
From: 7269 () sagedrive com
Date: 27 Apr 2006 06:48:57 -0000
I tried it in Sunnyvale. Looks to me like Metrofi free service breaks the SSL. The "lock" icon on the browser is not there, and the URL the browser shows has been mangled and has no "https" in it. My guess is they run a proxy in their network that acts as the SSL endpoint, and the connection between user and proxy is unsecured HTTP. If I'm right, this is a major nastiness to spring on unsuspecting users. Sites that the user normally uses in SSL mode -- email, banking, etc. -- are exposed both over the air and on Metrofi's network. I hope I'm wrong. ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. Change the way you think about application security testing - See for yourself. Download a Free Trial of AppScan 6.0 today! https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF --------------------------------------------------------------------------
Current thread:
- OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 21)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Zaninotti, Thiago (Apr 24)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Anthony Ettinger (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Andrew van der Stock (Apr 22)
- <Possible follow-ups>
- Re: Re: OT: Inserting Ads without breaking the SSL 7269 (Apr 27)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 27)
- Re: Re: OT: Inserting Ads without breaking the SSL 7269 (Apr 27)
- Re: OT: Inserting Ads without breaking the SSL elawford (May 01)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Jun 12)