Full Disclosure mailing list archives
Looking for some input
From: Shannon Johnston <sjohnston () libertysite com>
Date: Thu, 27 May 2004 10:40:17 -0600
I posted this on the Dshield list a couple of days ago. Sorry to those of you who are seeing this again. I'm looking for some input from the community at large on an issue that has been bothering me for a while. The institution where I do my banking has a login to an internet banking page. While the login goes to an SSL enabled site, the login page is on a non-SSL site. My question is: Doesn't this leave the members of the institution open to phishing via DNS cache poisoning? Doesn't this defeat the endpoint verification piece of an SSL certificate? I'm looking for general input on this, so any replies are appreciated. Thank you, Shannon Johnston _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Looking for some input Shannon Johnston (May 27)
- Re: Looking for some input Valdis . Kletnieks (May 27)