|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Re: OT: Inserting Ads without breaking the SSL
7269
sagedrive.com
Date: Thu Apr 27 2006 - 01:48:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I tried it in Sunnyvale. Looks to me like Metrofi free service breaks the SSL. The "lock" icon on the browser is not there, and the URL the browser shows has been mangled and has no "https" in it. My guess is they run a proxy in their network that acts as the SSL endpoint, and the connection between user and proxy is unsecured HTTP.
If I'm right, this is a major nastiness to spring on unsuspecting users. Sites that the user normally uses in SSL mode -- email, banking, etc. -- are exposed both over the air and on Metrofi's network. I hope I'm wrong.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]