Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

Results of internet SSL usage published by SSL Labs

Ivan Ristic (of modsecurity fame) has published the results of an evaluation against over 900,000 websites supporting SSL. The goal of this evaluation was to see how people really use/misuse ssl in the wild, as well as report on the usage of browser protections such as the Secure cookie flag, and Strict-Transport-Security....

Posted by Robert A. on 05/25/2011 in Browsers , Cryptography , IndustryNews , Research , Vulns | Permalink | Reddit | Comments (2) | TrackBack (0) | Read more of this story...

Another use of Clickjacking, Cookiejacking!

Rosario Valotta has published an interesting attack against IE that takes advantage of clickjacking. In a nutshell it combines origin flaws within IE with clickjacking to trick a user into copying/pasting their own cookies from any site! Demonstration below The technical details can be found at https://sites.google.com/site/tentacoloviola/cookiejacking and his slides at https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnx0ZW50YWNvbG92aW9sYXxneDoxMWJlZTI5ZjVhYjdiODQx

Posted by Robert A. on 05/25/2011 in Browsers , IndustryNews , Research , Vendors , Vulns | Permalink | Reddit | Comments (0) | TrackBack (0) | Read more of this story...

Looking for something else or having a hard time finding a story? We recently moved things around so please use the search bar on the right!
Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals