lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Aug 2011 18:04:03 -0500 From: Nick Semenkovich <semenko@...m.mit.edu> To: Ferenc Kovacs <tyra3l@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Is This MITM Attack to Gmail's SSL ? You'll note that later versions of Chrome protect against this via HTTP Strict Transport Security. http://www.chromium.org/sts http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 Google includes their cert fingerprints (see kGoogleAcceptableCerts) in: http://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?view=markup In chrome: chrome://net-internals/#hsts - semenko On Mon, Aug 29, 2011 at 5:38 PM, Ferenc Kovacs <tyra3l@...il.com> wrote: > http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en > > any thoughts? > > -- > Ferenc Kovács > @Tyr43l - http://tyrael.hu > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists