how can you verify that the site you get is not a fake?
Matthew Miller
mattdm at mattdm.org
Mon Jun 6 13:50:17 UTC 2005
On Mon, Jun 06, 2005 at 03:38:58PM +0200, Felipe Alfaro Solana wrote:
> Nah! That's not enough... many web browsers are vulnerable to
> cross-site scripting code. I've seen some real proof-of-concept web
> sites that, by using a main frame protected via HTTP/S and a valid SSL
> certificate, where vulnerable to cross-site scripting-like attacks
> that were able to insert fake pages into a subframe without the web
> browser even alerting about it.
If there's a security vulnerability in your applications, all bets are off.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.
More information about the users
mailing list