Re: A little guidance...

[dagon () DAGON NET (Mark Rafn)]

On Tue, 30 May 2000, Bill Pennington wrote:

> My question is, should I even bother putting this out? I researched some
> archives and while I found a number of e-commerce shopping cart
> vulnerabilities, none mentioned this particular method. I have contacted
> the site in question but they seem to be clueless. ("All CC#s are over
> SSL so we are safe!!" argg!) So is the fact you need a sniffer (or a
> proxy server would work as well I guess, hmmmm) to exploit this make it
> not "worthy"?

Post it.  If it's a bad implementation that makes it easy to bypass ssl,
it's a real threat.

--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>   !G