Vulnerability Development mailing list archives
Re: Remembering Passwords in IE
From: 11a () GMX NET (Bluefish)
Date: Wed, 5 Apr 2000 14:07:45 +0200
LOL! Is this really true? (I haven't experimented much in this field). If it is, what else can you do than have a laugh at commercial "security"? It would seem that lack of warnings in IE totally renders the use of https (to protect against fraudalent systems) to a complete waste of time? Could you please send more details? Using a somewhat new version of IE, I get the following warnings when trying to access a "snakeoil-certified" server: 1. issued by a company you don't trust, 2. name of the site does not match name of certificate. It would be possible to avoid this problems you mean, and still use the https protocoll? If so, how? Of course, you could always move the https parts to http. Unless the entire site is normally available only via https, the avarage user is not likely to note the difference...
Unfortunately https doesn't help any either, because IE doesn't rigourously enforce that a site and it's certifcate match. Netscape at least prompts your, but gives you a checkbox for "don't ask this again"....doh!
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: Remembering Passwords in IE Mikael Olsson (Apr 01)
- Re: Remembering Passwords in IE Bluefish (Apr 02)
- Re: Remembering Passwords in IE Mikael Olsson (Apr 02)
- Re: Remembering Passwords in IE Dom De Vitto (Apr 04)
- Re: Remembering Passwords in IE Bluefish (Apr 05)
- Re: Remembering Passwords in IE Dom De Vitto (Apr 05)
- Re: Remembering Passwords in IE Scott Renfro (Apr 06)
- Re: Remembering Passwords in IE Bluefish (Apr 02)
- <Possible follow-ups>
- Re: Remembering Passwords in IE Hal Lockhart (Apr 07)
- Re: Remembering Passwords in IE Scott Renfro (Apr 07)
- Re: Remembering Passwords in IE Matthew S. Hallacy (Apr 07)
- Re: Remembering Passwords in IE Bob (Apr 08)
- Re: Remembering Passwords in IE Dom De Vitto (Apr 10)
- Re: Remembering Passwords in IE Bluefish (Apr 11)