
List:       websecurity
Subject:    Re: [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments
From:       quigley () emerose ! com (Sam Quigley)
Date:       2009-05-28 16:32:55
Message-ID: 26487EB5-5C6D-40C9-8B9E-CD41B0EA426B () emerose ! com


On May 28, 2009, at 5:53 AM, Paul Johnston wrote:

> Hi,
>> Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS  
>> Deployments
>> http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
>>
> I agree, this is an excellent paper. I'm quite shocked the "proxy  
> response rendered in HTTPS context" bugs have existed for so long,  
> but hey, at least they're fixed now.

Well, "fixed" now.  According to the paper, they're fixed in IE8 --  
currently, what, ~5% market share? -- but not in IE7 or IE6 (~75%  
market share?)...

I agree, though -- excellent paper.

-sq

