[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: how can you verify that the site you get is not a fake?



On Mon, Jun 06, 2005 at 03:38:58PM +0200, Felipe Alfaro Solana wrote:
> Nah! That's not enough... many web browsers are vulnerable to
> cross-site scripting code. I've seen some real proof-of-concept web
> sites that, by using a main frame protected via HTTP/S and a valid SSL
> certificate, where vulnerable to cross-site scripting-like attacks
> that were able to insert fake pages into a subframe without the web
> browser even alerting about it.

If there's a security vulnerability in your applications, all bets are off.


-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]