WebApp Sec mailing list archives
Re: Mitm new?
From: mikeiscool <michaelslists () gmail com>
Date: Thu, 17 Aug 2006 10:42:08 +1000
On 8/15/06, Jeff Robertson <jeff.robertson () digitalinsight com> wrote:
Why are man-in-the-middle phishing sites suddenly talked about as a "new" threat, as if there was rocket science involved? For instance http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs _2factor_1.html
... it's a news site. Why are you surprised that they are making something of nothing? Anyway, almost every vulnerability trumped up is old. xss is old, but look how excited everyone gets by it? Just a fact of life in the world of web security ...
These things are basically proxies, which are as old as the web. Why does it surprise anyone to see these combined with phishing? (Then again, I still haven't figured out why phishing as we know it didn't "take off" circa 1994) Jeff Robertson Manager of Web Application Security Digital Insight
-- mic ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
Current thread:
- Mitm new? Jeff Robertson (Aug 16)
- Re: Mitm new? Rogan Dawes (Aug 18)
- Re: Mitm new? mikeiscool (Aug 18)
- Re: Mitm new? Nick Owen (Aug 18)
- <Possible follow-ups>
- Re: Mitm new? ROB DIXON (Aug 18)