oss-sec mailing list archives

Re: attacking hsts through ntp

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 16 Oct 2014 22:38:33 +0200

Am Thu, 16 Oct 2014 14:34:25 -0600
schrieb Kurt Seifried <kseifried () redhat com>:

I did not know that. One concern I have is also HSTS has no tools to
manage them in browsers, at least when I last checked, has that
changed? There is some room for DoS due to this on the client side.


chrome://net-internals/#hsts

Not pretty or easy to use, but helps debugging stuff (especially with
HPKP which is quite picky when you do it wrong). I don't know about
Firefox or others.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:

Current thread:

attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
  - Re: attacking hsts through ntp Lukas Reschke (Oct 16)
  - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Michal Zalewski (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Michael Samuel (Oct 16)
  - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
    - Re: attacking hsts through ntp Stephen Röttger (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)

(Thread continues...)