Vulnerability Development mailing list archives

Re: Secure Yahoo logins

From: David Schwartz <davids () webmaster com>
Date: Tue, 27 Aug 2002 21:02:57 -0700

My other question is if the passwords are encrypted why do they offer a
secure login
option? How does that increase security, other than adding a brief ssl
session.


        Because otherwise a man-in-the-middle could serve you a web page that didn't
do any fancy hashing. ;)

        DS

Current thread:

Secure Yahoo logins Jeremy (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
  - Re: Secure Yahoo logins David Schwartz (Aug 27)
- Re: Secure Yahoo logins John Madden (Aug 27)
  - Re: Secure Yahoo logins Roland Postle (Aug 28)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 27)
  - Re: Secure Yahoo logins David Thiel (Aug 27)
    - Re: Secure Yahoo logins Nick Jacobsen (Aug 28)
    - Re: Secure Yahoo logins David Thiel (Aug 28)
    - Re: Secure Yahoo logins Steve Bremer (Aug 28)
- <Possible follow-ups>
- Re: Secure Yahoo logins Alan McCaig (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)

(Thread continues...)