| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <02B29E15-0C08-4313-BE7D-0A5D8B22C17E@gmail.com> Date: Sun, 18 Oct 2009 21:28:02 -0400 From: "G. D. Fuego" <gdfuego@...il.com> To: Mohammad Hosein <mhtajik@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: insecure elements in https protected pages On Oct 18, 2009, at 6:03 PM, Mohammad Hosein <mhtajik@...il.com> wrote: > in a certain web application e.g gmail there are times the whole > communication is secured by ssl and sometimes "there are insecure > elements" that raise questions . i'm not a web professional . how to > find these insecure elements ? and how to evaluate if these elements > are the results of a successful man in the middle attack or not ? Insecure elements in a secure page wouldn't be the result of a man in the middle attack. That would require being in the middle of the https connection in order to change the content of the page. If you're already in the middle of the https connection in a non- obvious way, why downgrade to http? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists