Firewall Wizards mailing list archives
Re: On The Topic of HTTPS...
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 11 Dec 2004 23:38:03 -0500 (EST)
************************************************************************* SANS NewsBites Dec. 8, 2004 Vol. 6, Num. 49 ************************************************************************* --Universities Warn of Spyware-Like Application; Some Block Network Connections to its Servers (6 December/30 November 2004) IMesh, which makes a filesharing program, has begun bundling the Marketscore application along with its product. Marketscore routes all traffic through its servers where it is analyzed in order to create research reports; it also claims to speed up users' Internet interaction. Marketscore is able to view encrypted traffic, such as passwords and account numbers, which presents security concerns. Several universities around the United States have blocked connections from school networks to Marketscore servers, angering some students. http://www.computerworld.com/printthis/2004/0,4814,97936,00.html http://www.wired.com/news/print/0,1294,65906,00.html [Editor's Note (Pescatore): It is a no-brainer that any random 3rd party site that is proxying SSL connections should be on the banned list. There is absolutely no way they are doing any caching that is improving SSL sessions, they can't even claim that as a benefit.] Thanks, Ron DuFresne On Tue, 7 Dec 2004, Josh Welch wrote:
It appears that one company who's spyware is bundled with at least one p2p app has perfected the man in the middle attack. From the marketscore.com website We respect your privacy, we just want to know a little about you to help our customers, blah blah blah... "Marketscore's proprietary and patent pending technology allows us to see the details of secure pages while protecting such content from parties other than the site to which you are connected..." This is a lovely development. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com ...Love is the ultimate outlaw. It just won't adhere to rules. The most any of us can do is sign on as it's accomplice. Instead of vowing to honor and obey, maybe we should swear to aid and abet. That would mean that security is out of the question. The words "make" and "stay" become inappropriate. My love for you has no strings attached. I love you for free... -Tom Robins <Still Life With Woodpecker> _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- On The Topic of HTTPS... Josh Welch (Dec 11)
- Re: On The Topic of HTTPS... R. DuFresne (Dec 12)