Full Disclosure mailing list archives
Re: Is This MITM Attack to Gmail's SSL ?
From: Nick Semenkovich <semenko () alum mit edu>
Date: Mon, 29 Aug 2011 18:04:03 -0500
You'll note that later versions of Chrome protect against this via HTTP Strict Transport Security. http://www.chromium.org/sts http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 Google includes their cert fingerprints (see kGoogleAcceptableCerts) in: http://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?view=markup In chrome: chrome://net-internals/#hsts - semenko On Mon, Aug 29, 2011 at 5:38 PM, Ferenc Kovacs <tyra3l () gmail com> wrote:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en any thoughts? -- Ferenc Kovács @Tyr43l - http://tyrael.hu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Is This MITM Attack to Gmail's SSL ? Ferenc Kovacs (Aug 29)
- Re: Is This MITM Attack to Gmail's SSL ? coderman (Aug 29)
- Re: Is This MITM Attack to Gmail's SSL ? coderman (Aug 29)
- Re: Is This MITM Attack to Gmail's SSL ? Jeffrey Walton (Aug 30)
- Re: Is This MITM Attack to Gmail's SSL ? Ferenc Kovacs (Aug 30)
- Re: Is This MITM Attack to Gmail's SSL ? coderman (Aug 29)
- Re: Is This MITM Attack to Gmail's SSL ? coderman (Aug 29)
- Re: Is This MITM Attack to Gmail's SSL ? Nick Semenkovich (Aug 30)
- Re: Is This MITM Attack to Gmail's SSL ? Mark Felder (Aug 30)