WebApp Sec mailing list archives

Re: Mitm new?

From: mikeiscool <michaelslists () gmail com>
Date: Thu, 17 Aug 2006 10:42:08 +1000

On 8/15/06, Jeff Robertson <jeff.robertson () digitalinsight com> wrote:

Why are man-in-the-middle phishing sites suddenly talked about as a
"new" threat, as if there was rocket science involved?

For instance
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs
_2factor_1.html


... it's a news site. Why are you surprised that they are making
something of nothing?

Anyway, almost every vulnerability trumped up is old. xss is old, but
look how excited everyone gets by it? Just a fact of life in the world
of web security ...

These things are basically proxies, which are as old as the web. Why
does it surprise anyone to see these combined with phishing? (Then
again, I still haven't figured out why phishing as we know it didn't
"take off" circa 1994)

Jeff Robertson
Manager of Web Application Security
Digital Insight


-- mic

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Webapplication security assessment tools by both Gartner and IDC.Download a free trial of AppScan today and see why more customers chooseAppScan then any other solution. Try it today!https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB

--------------------------------------------------------------------------

Current thread:

Mitm new? Jeff Robertson (Aug 16)
- Re: Mitm new? Rogan Dawes (Aug 18)
- Re: Mitm new? mikeiscool (Aug 18)
- Re: Mitm new? Nick Owen (Aug 18)
- <Possible follow-ups>
- Re: Mitm new? ROB DIXON (Aug 18)