Vulnerability Development mailing list archives
Re: A little guidance...
From: dagon () DAGON NET (Mark Rafn)
Date: Wed, 31 May 2000 08:16:20 -0700
On Tue, 30 May 2000, Bill Pennington wrote:
My question is, should I even bother putting this out? I researched some archives and while I found a number of e-commerce shopping cart vulnerabilities, none mentioned this particular method. I have contacted the site in question but they seem to be clueless. ("All CC#s are over SSL so we are safe!!" argg!) So is the fact you need a sniffer (or a proxy server would work as well I guess, hmmmm) to exploit this make it not "worthy"?
Post it. If it's a bad implementation that makes it easy to bypass ssl, it's a real threat. -- Mark Rafn dagon () dagon net <http://www.dagon.net/> !G
Current thread:
- A little guidance... Bill Pennington (May 30)
- Re: A little guidance... Brian Kifiak (May 30)
- Re: A little guidance... John Kinsella (May 30)
- Re: A little guidance... Bill Pennington (May 31)
- Re: A little guidance... Mark Rafn (May 31)