[WEB SECURITY] SSL does not = a secure website

Ryan Barnett rcbarnett at gmail.com
Wed Mar 29 08:51:11 EST 2006


While these tangents are interesting, my original question is still
unanswered.  Does anyone have any references to news stories, etc...
about attackers sniffing user's web data and then using it?

This is not a questions of whether sniffing is a real threat, it is. 
This is a question of having verifiable proof that this is happening
in order to "convert" the unbelievers.  We have verifiable proof that
credit card data is being pilfered in other ways (keyloggers, access
to DB, etc...).  Check out the WASC Web Hacking Incident Database for
news stories -
http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list