| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <75CA0157-B2A0-4F65-8CC3-2D8AF9C18E40@twitter.com> Date: Sun, 18 Oct 2009 15:08:08 -0700 From: John Adams <jna@...ina.net> To: Mohammad Hosein <mhtajik@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: insecure elements in https protected pages Any request on that page that is in http is an insecure element. Mixing HTTP and HTTPS on the same page is insecure as the credentials, cookies or other identifying data would be sent in the clear to the HTTP server. Install FireBug and watch what pages are loaded, or manually go through the HTML and move all page elements over to SSL. -j On Oct 18, 2009, at 3:03 PM, Mohammad Hosein wrote: > in a certain web application e.g gmail there are times the whole > communication is secured by ssl and sometimes "there are insecure > elements" that raise questions . i'm not a web professional . how to > find these insecure elements ? and how to evaluate if these elements > are the results of a successful man in the middle attack or not ? > > regards > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists