|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Gerardo Di Giacomo (gerardo
linux.it)
Date: Wed Feb 06 2008 - 12:05:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It's true that with MITM you could "poison" the javascript to steal the
key (cookie stealing style) but I think that it's a reasonable risk due
to the "non-enterprise" environment, in which the suite has been thought
for. Stealing the key requires a targeted attack MITM, in a precise moment.
I think it's better to use JaPCrypt then normal HTTP... and don't forget
that all pages "protected" with JaPCrypt won't be indexed by crawlers.
The "main" problem by now is not massive MITM but massive sniffing, and
with this suite the problem of "mass-sniffing" is avoided.
Regards,
Gerardo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/pgp-signature attachment: OpenPGP digital signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]