[WEB SECURITY] SSL does not = a secure website

Brian Eaton eaton.lists at gmail.com
Wed Mar 29 09:56:20 EST 2006


On 3/29/06, Ryan Barnett <rcbarnett at gmail.com> wrote:
> While these tangents are interesting, my original question is still
> unanswered.  Does anyone have any references to news stories, etc...
> about attackers sniffing user's web data and then using it?
>
> This is not a questions of whether sniffing is a real threat, it is.
> This is a question of having verifiable proof that this is happening
> in order to "convert" the unbelievers.  We have verifiable proof that
> credit card data is being pilfered in other ways (keyloggers, access
> to DB, etc...).  Check out the WASC Web Hacking Incident Database for
> news stories -
> http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml

Well, there was this incident:

http://isc.sans.org/diary.php?storyid=1118

Regards,
Brian

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list