WebApp Sec mailing list archives
Re: Should login pages be protected by SSL?
From: Amir Herzberg <herzbea () macs biu ac il>
Date: Tue, 21 Jun 2005 09:41:42 +0200
A.D. Douma wrote:
Just a quick comment here, Since when do SSL certificates protect a user against MITM attacks.True it makes it harder to perform a MITM attack, but it is still very much possible.
I was referring to SSL protocol, not just the certificate, of course. But assuming this is also what you meant... Can you explain what way you know of doing successful MITM attack on SSL session?
-- Best regards, Amir Herzberg Associate Professor Department of Computer Science Bar Ilan University http://AmirHerzberg.com Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame.html
Current thread:
- Re: Should login pages be protected by SSL?, (continued)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Achim Hoffmann (Jun 21)
- RE: Should login pages be protected by SSL? maburns (Jun 20)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Torsten Mueller (Jun 21)
- RE: Should login pages be protected by SSL? Almerindo Graziano (Jun 21)
- Webapp-level protection/detection of Pharming attacks WebAppSecurity [Technicalinfo.net] (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- Re: Should login pages be protected by SSL? Amir Herzberg (Jun 21)
- Re: Should login pages be protected by SSL? Steve Shah (Jun 21)
- RE: Should login pages be protected by SSL? Glenn Euloth (Jun 22)
- Re: Should login pages be protected by SSL? James Barkley (Jun 23)
- Re: Should login pages be protected by SSL? Saqib Ali (Jun 23)
- Re: Should login pages be protected by SSL? Eoin Keary (Jun 24)