oss-sec mailing list archives
Re: attacking hsts through ntp
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 16 Oct 2014 22:38:33 +0200
Am Thu, 16 Oct 2014 14:34:25 -0600 schrieb Kurt Seifried <kseifried () redhat com>:
I did not know that. One concern I have is also HSTS has no tools to manage them in browsers, at least when I last checked, has that changed? There is some room for DoS due to this on the client side.
chrome://net-internals/#hsts Not pretty or easy to use, but helps debugging stuff (especially with HPKP which is quite picky when you do it wrong). I don't know about Firefox or others. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
signature.asc
Description:
Current thread:
- attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Lukas Reschke (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Michal Zalewski (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
- Re: attacking hsts through ntp Stephen Röttger (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)